Burp Suite User Forum

Login to post

HTTP1.1 replaced by HTTP/2 in response header?

RV | Last updated: Jun 10, 2021 08:56PM UTC

I intent to use Burp Suite to be able to see in more detail the communication of an application I just started to develop. I am currently using Community Edition v2021.5.2. My application responds normally when I do not use the Burp proxy. With the proxy however, an Exception is thrown within my application: AggregateException: “One or more errors occurred.” at System.Threading.Tasks.Task.ThrowIfExceptional(Boolean includeTaskCanceledExceptions) at System.Threading.Tasks.Task.Wait(Int32 millisecondsTimeout, CancellationToken cancellationToken) at System.Threading.Tasks.Task.Wait() InnerException: “An error occurred while sending the request.” InnerException: “The server committed a protocol violation. Section=ResponseStatusLine” at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult) at System.Net.Http.HttpClientHandler.GetResponseCallback(IAsyncResult ar) I tried this for several websites, every single time this exception is thrown. The response status line in Burp shows: HTTP/2 200 OK This seems odd to me because the request was HTTP/1.1, which I confirmed using Burp. RFC 2145 states: "An HTTP server SHOULD send a response version equal to the highest version for which the server is at least conditionally compliant, and whose major version is less than or equal to the one received in the request." So I think the Exception message is correct, returning version 2 for a 1.1 request is indeed a protocol violation. When I do a 'Match and Replace' in Burp to change the version in the response header, my application does process the response without any issues, while it should not be able to handle HTTP/2 response messages. The remaining question is: Does the server cause this problem, or does Burp? I sent requests to multiple websites, and the problem is there only when I use the Burp proxy. Therefore it seems likely the problem is related to Burp.

Uthman, PortSwigger Agent | Last updated: Jun 11, 2021 08:05AM UTC

Hi RV, Are you sure that the server does not support HTTP/2? Have you tried checking this using cURL? Burp will initially send an HTTP/1.1 request and if an 'HTTP/2 200 OK' is received, all subsequent requests will use HTTP/2. It is described in our documentation below: - https://portswigger.net/burp/documentation/desktop/options/http

You need to Log in to post a reply. Or register here, for free.