Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Create new post

Run a BURP scan without error

Johnson, | Last updated: Aug 30, 2021 10:57PM UTC

After setting up a scan for a Fax portal, I'm getting prompted for credentials, even though I have defined these in the scan. When I input the same credentials when browsing the webpage to be scanned, I receive the error: "RST_STREAM received with error code: 0xd (Use HTTP/1.1 for the request)" I've tried forcing HTTP/1.1 by changing the Project Options --> HTTP but this doesn't work. I"m wondering if it is a browser config issue, but need to know what this error is telling me.

Michelle, PortSwigger Agent | Last updated: Aug 31, 2021 01:09PM UTC

Thanks for your message. When you perform the scan but it doesn't seem to pick up the credentials you have entered in the scan configuration, does the event log for the scan show and message confirming that the login page was detected? Do you see the same error "RST_STREAM received with error code: 0xd (Use HTTP/1.1 for the request)" when the scan runs or does that only happen if you browse to the site and manually log in? Which version of Burp are you currently using? When you disabled HTTP/2 under Project Options were there any different errors?

Klaas | Last updated: Sep 17, 2021 07:58AM UTC

I am having the same issue with Burp Suite Community Edition v2021.8.3 build 9673 I have disabled HTTP/2, but that results in not being able to login at all. credentials are simply ignored and I get the login promt again.

Michelle, PortSwigger Agent | Last updated: Sep 17, 2021 08:45AM UTC

Thanks for your message. What type of authentication does the site use? If you go to Proxy -> Options -> Proxy Listener -> Edit and disable HTTP/2 on the Proxy Listener you are using are you able to browse to the site and authenticate?

Laroche | Last updated: Oct 04, 2021 09:19PM UTC

I'm having a similar if not the same issue. I have a site that handles authentication via personal cert. In order to authenticate I need to change the browser's proxy to default, authenticate, then I change it back to the Burp proxy, refresh, and it's good. This has been working for years, but today I started getting the same "RST_STREAM received with error code: 0xd (Use HTTP/1.1 for the request)" error as the other above. I'm able to auth without the Burp proxy, but when I change back to it in the browser, it pops the error. I tried disabling support for HTTP/2, didn't work. I'm using Pro version 2021.8.2

Michelle, PortSwigger Agent | Last updated: Oct 05, 2021 09:28AM UTC

Thanks for your message. When you disabled HTTP/2, did you configure it under the options for the Proxy Listener (Proxy -> Options -> Proxy Listener -> Edit -> HTTP -> Support HTTP/2)? If this option is disabled and you are still seeing the error, can you email support@portswigger.net with some more details about the site and the authentication so we can take a closer look at this with you, please?

Laroche | Last updated: Oct 05, 2021 05:53PM UTC

I did disable it the proxy listener options, and verified in the request header that it was sent via HTTP 1.1. I'll email support, thanks.

| Last updated: Oct 14, 2021 10:48PM UTC

Any update on this? I'm dead in the water trying to test Burp Suite due to this issue?

Michelle, PortSwigger Agent | Last updated: Oct 15, 2021 09:46AM UTC

Feel free to send an email to support@portswigger.net with a few more details on your setup and the site where you're seeing this issue, but as a starting point you could try testing the following: If you're trying to use Burp's embedded browser or proxy an external browser via Burp, you can disable HTTP/2 under Proxy -> Options -> Proxy Listener -> Edit -> HTTP -> Disable Support HTTP/2 If you're trying to send requests using the Repeater tool and are seeing this error you can disable HTTP/2 under Project Options -> HTTP/2 -> Default to HTTP/2 if the server support it. I hope this helps.

Alexey | Last updated: Nov 30, 2021 07:42PM UTC

PortSwigger would be beneficial if anyone could find an answer right here, without sending emails, especially when the issue is the same.

Alexey | Last updated: Nov 30, 2021 09:19PM UTC

Update: Second part (HTTP/2 under Project Options -> HTTP/2 -> Default to HTTP/2) helps not only for Repeater, but overall solves the issue (in my case Burp restart was required).

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.