Burp Suite User Forum

Login to post

Request corruption on Repeater when tampering with full URLs in :path header on HTTP2

GonDragon | Last updated: Sep 14, 2022 03:42PM UTC

What I tried to do: On a Repeater request over HTTP2, replace the content of the :path header ( "/example" ) with a full url ( "https://www.google.com/example" ) What I expected to happen: A successful update of the request, or, if it's not possible due some technical reason, prevent the change and get some feedback on why. What is happening: The request gets corrupted. You can not send the request, view the Pretty/Raw/Hex info of the request, nor you can edit back the :path header. The only solution is to delete the request and write it again.

Hannah, PortSwigger Agent | Last updated: Sep 15, 2022 09:10AM UTC

Hi Thanks for reporting this! We've replicated this issue, and have added further information to a bug report for this behavior. If there's anything else we can help with, then please let us know.

You need to Log in to post a reply. Or register here, for free.