Used HTTP protocol version information lost #74
Comments
|
how about we forcefully use the protocol of the original request during the interception? |
Not sure what you mean or how this would work in practice. The HTTP protocol is not hard-coded by burp, it's determined based on the ALPN with the intercept proxy. Assuming that's what you're trying to do. From the burp suite docs:
It's kinda hard to explain, maybe I should try to create a diagram to help explain the problem I have in mind. |
|
I got your point, just for simplicity can we add below as a feature for future releases |
|
That's another possibility, but I'd like to avoid that approach if possible because it may be confusing. Something like |
Currently there's no way to know which HTTP version was used to actually send the request because the "spoof TLS proxy" part of the extension is basically a HTTP 1 web server and thus burp automatically assumes HTTP 1 was used. This can cause confusions like #73.
I don't think there's a straightforward way to solve this issue because from Burps POV the protocol version is the version that the "spoof TLS proxy" server uses. We can't magically switch protocols after the actual request completed, i.e. when we know the actual used HTTP version after ALPN with the "destination".
If there's no convenient way to set it directly via Burp's Java API (so to manipulate the request viewer directly), perhaps we can simply provide another way to provide it like in the extension logs and document it as a limitation.
The text was updated successfully, but these errors were encountered: