As this view doesn't rely on HTTP/1 syntax, you're able to construct attacks using a number of HTTP/2-exclusive vectors that are impossible to reproduce in HTTP/1. In addition to the HTTP/1-style representation of the request that you can see in the message editor, the Inspector now lets you work with HTTP/2 headers and pseudo-headers in a way that more closely resembles what will be sent to the server. We are excited to announce that Burp Suite Professional and Community Edition now provide native support for viewing and manipulating HTTP/2 requests. Test for HTTP/2-exclusive vulnerabilities
BURP SUITE PROFESSIONAL EDITION 1.6.09 MEDIAFIRE UPGRADE
This enables you to easily upgrade and downgrade requests to experiment with protocol-specific vulnerabilities. For example, the HTTP/1 request line is mapped to HTTP/2's :method and :path pseudo-headers. When you switch protocols, Burp will automatically perform the necessary transformations behind the scenes to generate an equivalent request suitable for the new protocol. In Burp Repeater and Proxy Intercept, you can now choose whether to send each request using HTTP/1 or HTTP/2.
It also implements a security fix for the embedded browser and some minor bug fixes for recorded login sequences.Ĭontrol the protocol for individual requests This enables you to identify and exploit a number of HTTP/2-exclusive vulnerabilities, including those presented by James Kettle at Black Hat USA 2021. This release provides a range of powerful new enhancements to Burp's HTTP/2 support.
0 kommentar(er)
