Burp Suite User Forum

Login to post

HTTP2 Failure In Extensions / callbacks.makeHttpRequest

Nick | Last updated: May 13, 2021 06:25PM UTC

Hello, I'm currently using Burp Pro version 2021.5.1-7814, however I've noticed this behavior on earlier versions as well. The Proxy handles HTTP/2 traffic just fine. So does repeater. But when an extension literally repeats back the exact same request with the following code, the logger shows the web server didn't understand the request. package burp; import com.sun.org.apache.xpath.internal.operations.Bool; import java.net.URL; import java.util.ArrayList; import java.util.List; import java.util.UUID; public class RetryRequestRunnable implements Runnable { private IHttpRequestResponse[] requestResponseArray; private IBurpExtenderCallbacks callbacks; private IExtensionHelpers helpers; public RetryRequestRunnable(IHttpRequestResponse[] requestResponsArray,IBurpExtenderCallbacks callbacks,IExtensionHelpers helpers) { this.callbacks=callbacks; this.helpers=helpers; this.requestResponseArray=requestResponsArray; } @Override public void run() { for(int i = 0;i<this.requestResponseArray.length;i++){ IHttpRequestResponse requestResponse = this.requestResponseArray[i]; IHttpService httpService = requestResponse.getHttpService(); byte[] request = requestResponse.getRequest(); IHttpRequestResponse httpRequestResponseResult = this.callbacks.makeHttpRequest(httpService, request); } } } It says: HTTP/1.1 505 HTTP Version Not Supported Server: awselb/2.0 Date: Thu, 13 May 2021 18:16:53 GMT Content-Type: text/html Content-Length: 152 Connection: close <html> <head><title>505 HTTP Version Not Supported</title></head> <body> <center><h1>505 HTTP Version Not Supported</h1></center> </body> </html> I can then take that exact same request from logger and send it to repeater and with no modification at all, send it, and the response comes back just fine. So, something related to extensions and the API is causing HTTP/2 requests to get mangled. I further tested this by disabling HTTP/2 support in Project Options -> HTTP. Then retrying the same procedure and everything works great. No problems whatsoever.

Nick | Last updated: May 13, 2021 10:06PM UTC

Just saw this: https://forum.portswigger.net/thread/issues-between-http2-and-most-extensions-489f2056 I think it's likely the same issue

Ben, PortSwigger Agent | Last updated: May 14, 2021 09:17AM UTC

Hi Nick, I believe that you are correct. As noted in the other forum thread, we are currently working on providing a fix for this so we will update you on when this has been implemented.

Michelle, PortSwigger Agent | Last updated: Jun 09, 2021 02:57PM UTC

I just wanted to let you know that a fix for this issue was included in our 2021.6 Early Adopter release. If you have any questions, please let us know.

You need to Log in to post a reply. Or register here, for free.