Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Create new post

"Load from configuration file" leaves "Default to HTTP/2" unchecked

Nicolas | Last updated: Aug 06, 2021 08:55AM UTC

The "Default to HTTP/2 if the server supports it" project option is not set correctly when "Load from configuration file" is used during launch. To reproduce: 1. In Burp, go to "Project options" -> "HTTP" and check "Default to HTTP/2 if the server supports it" 2. Save the project options to a file (Project -> Project options -> Save project options) 3. Exit Burp 4. Open Burp. Choose "Temporary project", and in the next screen choose "Load from configuration file" and select the configuration saved in step #2 5. Go to the "Project options" -> "HTTP" tab. The "Default to HTTP/2 if the server supports it" project option is not set Note that if the same configuration file is loaded *after* Burp has started (with Project -> Project options -> Load project options), then the option is set correctly. The issue seems to be that the option is disabled during startup, after the configuration as been loaded.

Uthman, PortSwigger Agent | Last updated: Aug 06, 2021 09:20AM UTC

Hi Nicolas, Thank you for reporting this. I have attempted to replicate it with the steps you have provided but I do not have any issues. If you look at the configuration file created at step 2, is HTTP/2 correctly enabled? (i.e. set to 'true' in your configuration) Does the issue persist with extensions disabled? If so, please email support@portswigger.net with your diagnostics (Help > Diagnostics) and a screen recording so that we can investigate this further.

Nicolas | Last updated: Aug 06, 2021 09:55AM UTC

Thanks for your quick response. It was indeed the InQL extension, which even issues the following message when enabled: Jython does not support HTTP/2 at the current stage: disabling it!

Uthman, PortSwigger Agent | Last updated: Aug 06, 2021 10:13AM UTC

Thanks for the feedback! It looks like this could be related to the issue below: - https://github.com/doyensec/inql/issues/36 We have reached out to the developers of the extension and they will hopefully be updating the extension again soon.

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.