This is standard for HTTP/1 messages, but also applies to the editor's representation of HTTP/2 messages. In the message editor, the request line and status line contain the protocol version. There are a number of places where this information is displayed: When testing for protocol-level vulnerabilities, it's important that you're aware of which protocol is being used for each request. Keeping track of which protocol you're using You can still send individual HTTP/2 requests by switching the protocol in the Inspector if necessary. This is useful if you're performing testing where it's necessary to always use HTTP/1. You can also tailor this behavior to suit your current needs by changing the default protocol for the project. This ensures that, even if you're not conducting any protocol-specific testing, you can still take advantage of the performance improvements provided by HTTP/2 where available. To help you get the most out of these features, we've provided a brief overview of the background concepts that are relevant.īy default, Burp speaks HTTP/2 to all servers that advertise support for it via ALPN during the TLS handshake. ![]() Under the hood, HTTP/2 is very different from HTTP/1. HTTP/2: The Sequel Is Always Worse Background concepts Managing application logins using the configuration library. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |