Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Create new post

I am unable to open any HTTPS website after updating to v2021.8

Vignesh | Last updated: Aug 06, 2021 11:21AM UTC

I am getting "HTTP/2 stream error on 127.0.0.1:8080 - Flow-control limits exceeded" on opening any website running HTTPS. Tried in all the browsers, tried resetting the certificate, tried re-installing the burp suite, etc etc, and wasted enough of my time now. Please help.

Abdurrahman | Last updated: Aug 06, 2021 11:41AM UTC

I have that same problem, Please help.

Uthman, PortSwigger Agent | Last updated: Aug 06, 2021 11:45AM UTC

Hi, Can you please share the full steps to replicate your issue? Does the issue persist with extensions disabled or HTTP/2 disabled in the project options? Please include the URL of a site/application that displays this behavior.

Abdurrahman | Last updated: Aug 06, 2021 12:01PM UTC

After disable HTTP/2 my issue fixed.

Uthman, PortSwigger Agent | Last updated: Aug 06, 2021 12:08PM UTC

Hi Abdurrahman, Thanks for the feedback. Can you share some steps to replicate the original issue? Can you share the URL of a site/application, please?

Brandon | Last updated: Aug 07, 2021 02:35AM UTC

I'm also having the same issue. I just updated to 2021.8 and any page I go to I get a blank white page. In the event log I get an error that says HTTP/2 stream error on 127.0.0.1:8080 - Flow-control limits exceeded. I tried uninstalling the current CA certificate, regenerated an new one and installed and I still have the same issue. I'm using the built in chromium browser on Windows 10. I went to Project options > HTTP > HTTP/2 and disabled HTTP/2 and I still get the same exact error even though I disabled it. In it's current state I'm unable to use Burp.

Brandon | Last updated: Aug 07, 2021 02:41AM UTC

I also forgot to add that I tried using Firefox, installed the certificate, disabled http/2 and I still get the same exact error as above and will need to downgrade to use burp.

Uthman, PortSwigger Agent | Last updated: Aug 09, 2021 07:29AM UTC

Hi Brandon, Vignesh's issue was resolved by disabling some antivirus software (ESET antivirus in his case). Can you please double-check if you have any similar software running on your machine? If so, please check if it performs TLS inspection and disable that feature (or add a whitelist for the Burp Pro application). If you have any issues, please email support@portswigger.net

Brandon | Last updated: Aug 09, 2021 10:58PM UTC

I can confirm this was the issue. I added burp's cert to exclude it as well as excluded burp suite from protocol filtering and ssl/tls and it was still blocking burp. I had to completely shut off ssl/tls protocol filtering to get it to work. Thanks a lot for the help.

Uthman, PortSwigger Agent | Last updated: Aug 10, 2021 09:04AM UTC

Thanks for the feedback! Please feel free to reach out if you have any further issues.

Jeremy | Last updated: Aug 10, 2021 07:31PM UTC

I am having the same issue after upgrading. No pages will load, get HTTP/2 stream error on [LocalIP:]Flow-control limited exceeded. Tried disabling the HTTP/2 options in the scan, that didn't help. Worked fine before the upgrade.

Jeremy | Last updated: Aug 10, 2021 07:39PM UTC

Finally found the setting. In BurpSuite, go to the Proxy tab. Options Click edit under Proxy Listeners. Go to HTTP tab. Uncheck Support HTTP/2.

Jeremy | Last updated: Aug 10, 2021 07:39PM UTC

Finally found the setting. In BurpSuite, go to the Proxy tab. Options Click edit under Proxy Listeners. Go to HTTP tab. Uncheck Support HTTP/2.

Thibault | Last updated: Aug 25, 2021 03:18PM UTC

I confirm the issue too and thank you @Jeremy, your solution solved it. Just restart the chromium browser after editing and it should be good !

Uthman, PortSwigger Agent | Last updated: Aug 25, 2021 05:15PM UTC

Hi everyone, Please read mine and Brandon's message above. The error is likely occurring as a result of some type of antivirus software with protocol filtering and SSL/TLS inspection capabilities. Disabling HTTP/2 is not really a solution. You can try adding the Burp CA cert to your antivirus software if there is an option to import trusted CAs, whitelist the embedded browser executable, and ideally the Burp Pro executable. If the above fails or you do not have any antivirus software installed, we would be interested to investigate this further. Please reach out to support@portswigger.net for some help.

David | Last updated: Jan 24, 2022 07:56PM UTC

I am using the community version. It seems that there is no way to save the configuration in the community version. However, if I start a browser and just type g, and the rest of the URL shows google.com, the event log (on the dashboard) shows the request for google.com is sent even before I hit return. At this point I get the flow control error. Now I cannot do anything in Burp Suite. If I close out Burp Suite and restart it I can turn off the HTTP 2 before I do anything, then type g for google.com I see the request sent but this time it shows it is HTTP 2 and no flow control error. I can use Burp Suite as expected. How do I correct this issue without having to change the configuration every time I run Burp Suite? As a note my other desktop does not have this issue, only the one desktop has this problem.

Uthman, PortSwigger Agent | Last updated: Jan 25, 2022 08:17AM UTC

Hi David,

Please email support@portswigger.net with the information below:

  • Screen recording of the issue replicated
  • Diagnostics (Help > Diagnostics)
  • Whether you have any antivirus software installed on the same machine you can replicate the issue on. If so, please specify exactly which product and vendor. Have you tried the solution in this thread?
  • Clarify where you are turning HTTP2 off - is this under Project options? Or on the Proxy Listener itself?
  • How are you confirming that an HTTP2 request has been sent in the second scenario where this all works as expected?
  • Can you replicate the issue in both the embedded browser and an external one (e.g. Firefox)?
  • Differences between the two desktops - do you have the same software installed on both? Same OS? Are you usually connected to the same network (be that VPN, WiFi, etc...)?

Just to clarify, the reason you are most likely seeing that it works with HTTP2 disabled could be because of the issue discussed in this forum post. If you have some AV software installed with protocol filtering or TLS/SSL inspection enabled, the traffic will first be hitting that as soon as it leaves Burp > Then you see the error message in the Event log.

To save the config, I would suggest saving your project options under Project > Project options > Save project options. You can then load from a configuration file when you next launch Burp.

In terms of the request being sent before you hit Enter, I would double-check that you don't have the 'Live passive crawl from Proxy (all traffic)' live task enabled on the Dashboard (this is on by default).

Thomas | Last updated: Mar 15, 2024 03:41PM UTC

In case it helps anyone, I was experiencing this issue because I had another process listening on port 8080. I had to kill this other process so that the Burpe proxy server could be successfully created (although there was no indication in the UI that the proxy server had failed to start).

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.