Burp Suite User Forum

HTTP Headers line folding seems to break Hackvertor tags

Antoine | Last updated: Aug 09, 2021 06:53AM UTC

Hello,

I was playing with line folding in HTTP headers after reading the as-usual-amazing paper from albinowax (https://portswigger.net/research/http2), and I noticed something strange with Hackvertor tags when testing with HTTP TRACE requests. If I put a "folded" line (a line starting with a space), the Hackvertor tags are not interpreted (even if they are in another line).

With the following request, everything will work normally:

TRACE / HTTP/2 Host: foo.com User-Agent: foobar X: Y A: B<@repeat(10)>D<@/repeat> W: Z

I will see:

HTTP/2 200 Ok [... other headers... then the TRACE request reflected back] TRACE / HTTP/2 Host: foo.com User-Agent: foobar X: Y a: BDDDDDDDDDD W: Z

If I use a "folded" line in the TRACE request, I'll have something different:

TRACE / HTTP/2 User-Agent: FOOBAR x: b A: BBB<@repeat(10)>D<@/repeat> W: Z

HTTP/2 200 OK [... other headers... then the TRACE request reflected back] user-agent: FOOBAR x: b a: BBB<@repeat(10)>D<@/repeat>

Note that this is the case with HTTP/1.1 and HTTP/2.

Uthman, PortSwigger Agent | Last updated: Aug 09, 2021 02:33PM UTC

Hi Antoine,

Thanks for reporting this issue. Can you clarify which part of your request is folded?

It looks like Hackvertor does not update the request in the Raw view from the Repeater. This is always going to show you the original request (unmodified). However, if you look at the Logger then you should see that the request actually becomes:

TRACE / HTTP/2 User-Agent: FOOBAR x: b A: BBBDDDDDDDDDD W: Z

If you still think there could be a bug, please feel free to email support@portswigger.net.
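
An added example, not part of the original thread and not Burp Suite or Hackvertor code: a small Python parser that reports which lines of an HTTP/1.1 header block are folded (start with a space or tab) and applies either of the two receiver behaviours RFC 7230 section 3.2.4 allows for such lines, rejecting the message or replacing the fold with a space. The function name `parse_headers`, its `on_fold` parameter and the sample request are assumptions made for illustration; the thread does not show which line was folded.

```python
import re

# obs-fold (RFC 7230 section 3.2.4): a line break followed by at least one SP or HTAB,
# so a continuation line is any header line that starts with a space or a tab.
CONTINUATION = re.compile(r"^[ \t]+")


def parse_headers(raw, on_fold="reject"):
    """Parse an HTTP/1.1 header block (hypothetical helper for this example).

    Returns (headers, folded): headers is a list of (name, value) pairs and
    folded holds the 1-based numbers of the continuation lines that were seen.
    on_fold="reject" raises ValueError (the 400 Bad Request option);
    on_fold="unfold" replaces each fold with a single space.
    """
    lines = raw.split("\r\n")
    headers, folded = [], []
    for number, line in enumerate(lines[1:], start=2):  # line 1 is the request line
        if line == "":
            break  # blank line ends the header block
        if CONTINUATION.match(line):
            if on_fold == "reject":
                raise ValueError(f"obs-fold on line {number}: {line!r}")
            if not headers:
                raise ValueError(f"continuation line {number} has no header to extend")
            folded.append(number)
            name, value = headers[-1]
            headers[-1] = (name, (value + " " + line.strip(" \t")).strip())
            continue
        name, sep, value = line.partition(":")
        # Whitespace between the field name and the colon is not allowed either.
        if not sep or not name or name != name.strip():
            raise ValueError(f"malformed header on line {number}: {line!r}")
        headers.append((name, value.strip(" \t")))
    return headers, folded


# Constructed sample request; the position of the fold is an assumption.
SAMPLE = (
    "TRACE / HTTP/1.1\r\n"
    "Host: foo.com\r\n"
    "X: b\r\n"
    " continued\r\n"
    "W: Z\r\n"
    "\r\n"
)
```
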
