Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Create new post

HTTP/2 - Upgrade Header filtered

Sven | Last updated: Jan 28, 2016 05:37AM UTC

Hi, I was experimenting with curl, sending HTTP/2 requests and realised that Burp is filtering/replacing the HTTP/2 Upgrade header since version 1.6.33. Therefore no HTTP/2 communication is established with the server. I know that Burp is not supporting HTTP/2 yet and the HTTP/2 frames cannot be decoded in Burp, but is it possible to get the original, unfiltered content if a HTTP/2 request is sent from the browser to Burp? If so, can this original request (and also the response) be used in the Extender via an API call? Thanks and cheers, Sven

Burp User | Last updated: Jan 28, 2016 05:38AM UTC

This question was already raised before in the forum, but I am just curious: Will there be HTTP/2 support this year or is there already a roadmap or can anything be shared about the status of it? Thanks.

PortSwigger Agent | Last updated: Jan 28, 2016 09:17AM UTC

Since HTTP/2 won't currently work properly via Burp, the best option is to block the attempt to upgrade, so that client and server will fail over to HTTP/1. We don't currently have an ETA for HTTP/2 support. We are continuing to monitor take up and usage, and will make a decision on how/when to support required HTTP/2 features on the basis of this.

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.