This tab contains settings to control how Burp handles HTTP redirections, streaming responses and status 100 responses.
These settings control the types of redirections that Burp will understand in situations where it is configured to follow redirections.
The following types of redirection can be selected:
Note that Burp's behavior in following redirections to particular targets is determined by settings within each individual Burp tool (for instance, based on Target scope).
These settings let you inform Burp which URLs return "streaming" responses, which do not terminate. Burp will then handle these responses differently than normal responses.
Streaming responses are often used for functions like continuously updating price data in trading applications. Typically, some client-side script code makes a request, and the server keeps the response stream open, pushing further data in real time as it becomes available. Because intercepting proxies use a store-and-forward model, they can break these applications: the Proxy waits indefinitely for the streaming response to finish, and none of it is ever forwarded to the client.
Streaming responses are handled in the following way by individual Burp tools:
For help configuring the list of streaming URLs, refer to the help on URL matching rules.
Two further options are available relating to streaming responses:
Streaming responses are often compressed using GZIP encoding. You can configure Burp to decompress this content via the normal options in the Proxy and Repeater configurations.
Note that you can also use the streaming responses support for handling very large responses that are not strictly streaming (such as binary file downloads), in order to bypass the store-and-forward proxy model and improve Burp's performance.
These settings control the way Burp handles HTTP responses with status 100. These responses often occur when a POST request is sent to the server, and the server sends an interim response before the request body has been transmitted.
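The interim status 100 response described above, shown as it appears on the wire, with a parser that skips it to reach the final response. This is an added example, not Burp's own code; the function names and the sample bytes are constructed for illustration.

```python
# Constructed sample: an interim 100 response followed by the final response.
SAMPLE = (
    b"HTTP/1.1 100 Continue\r\n"
    b"\r\n"
    b"HTTP/1.1 200 OK\r\n"
    b"Content-Type: text/plain\r\n"
    b"Content-Length: 2\r\n"
    b"\r\n"
    b"ok"
)

def naive_status(raw: bytes) -> int:
    """Read only the first status line, as a tool unaware of 1xx would."""
    return int(raw.split(b" ", 2)[1])

def parse_head(block: bytes):
    """Parse one status line plus header block into (status, headers)."""
    lines = block.split(b"\r\n")
    parts = lines[0].split(b" ", 2)
    if len(parts) < 2 or not parts[0].startswith(b"HTTP/"):
        raise ValueError("not an HTTP status line: %r" % lines[0])
    headers = []
    for line in lines[1:]:
        name, sep, value = line.partition(b":")
        if not sep:
            raise ValueError("malformed header line: %r" % line)
        headers.append((name.decode("latin-1").strip(),
                        value.decode("latin-1").strip()))
    return int(parts[1]), headers

def split_interim(raw: bytes):
    """Return (interim_statuses, final_status, final_headers, body).

    Interim 1xx responses carry no body, so each one ends at the first
    blank line and the next status line follows immediately. 101 is
    treated as final because the connection switches protocol after it.
    """
    interim, rest = [], raw
    while True:
        head, sep, rest = rest.partition(b"\r\n\r\n")
        if not sep:
            raise ValueError("incomplete response head")
        status, headers = parse_head(head)
        if 100 <= status < 200 and status != 101:
            interim.append(status)
            continue
        return interim, status, headers, rest
```

On the sample, `naive_status` reports 100 while `split_interim` reports the final status 200, which is the value a filter or match rule would normally need.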
The following settings are available:
By default, Burp Suite opens a new TCP connection for each HTTP/1.1 request / response pair. If you select the Use keep-alive for HTTP/1 if the server supports it checkbox, then the system keeps the same TCP connection open so that it can be used by multiple request / response pairs. This brings significant benefits in speed and request timing.
Burp Suite closes any open TCP connections after five seconds of inactivity.
This setting affects all Burp Suite tools that send HTTP requests. However, you can override it for Repeater using the Enable HTTP/1 connection reuse menu option. For more information, see the Burp Repeater Options page.
By default, Burp speaks HTTP/2 to all servers that advertise support for it during the TLS handshake. If you deselect this option, Burp will use HTTP/1 even if the server supports HTTP/2.
Regardless of your settings here, you can override this default for an individual request using the Protocol toggle in the Inspector. Note that this only applies to editable contexts, such as in Burp Repeater or an intercepted request in Burp Proxy.
Burp provides two different options for working with HTTP/2 messages in a human-readable format. For more information, see the HTTP/2 documentation.
We have only implemented the core features of HTTP/2 that are relevant for use with Burp Suite. Additional features, such as server push, are not supported.