Use HTTP/1.1 instead of HTTP/2

OWASP · Jan 3, 2025 · 197b308 · 197b308
1 parent 647b83f
commit 197b308
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 3 deletions.
diff --git a/trainingportal/qna.js b/trainingportal/qna.js
@@ -208,7 +208,7 @@ let analysisEnc = (mes) => {
   }
   let keyInfoB64 = util.btoa(JSON.stringify(keyInfo));
   let postData = `kmb64=${keyInfoB64}`;
-  let post = `POST / HTTP/2\n`;
+  let post = `POST / HTTP/1.1\n`;
   post+=`Host: finance.biznis\n`;
   post+=`Content-length: ${postData.length}\n\n`;
   post+= postData;

diff --git a/trainingportal/static/lessons/cryptoBreaker/crypto_xor.md b/trainingportal/static/lessons/cryptoBreaker/crypto_xor.md
@@ -39,9 +39,9 @@ If the attacker controls the input, they may easily derive the key by feeding th
 
 Even if the attacker doesn't control the input, if they can guess one message and have the cipher for that message, then they will be able to obtain the key and decrypt all subsequent messages.
 
-For example if XOR was used for encrypting HTTP traffic, the first line of an HTTP request to a website will most likely be:
+For example if XOR was used for encrypting HTTP 1.1 traffic, the first line of an HTTP request to a website will most likely be:
 
-         GET / HTTP/2
+         GET / HTTP/1.1
 
 Similarly the first line of the HTTP response will be: