For certain purposes (e.g. do attacks that aren't compliant), we had to implement our own HTTP client (https://github.com/BountySecurity/gbounty/tree/main/internal/platform/http/client).
However, it doesn't have support for HTTP/2, and it's not very likely that we'll add such support in the near future.
Which turns out to be a noticeable limitation.
So, an alternative we could have is to have another implementation of the scan.Requester, that performs the HTTP requests using the http.Client, when the given request.Request looks like an HTTP/2 request (proto is 2.0), which would cover a vast majority of attacks (all ones that are HTTP compliant).
The current behavior should remain for HTTP/1.X requests.
For certain purposes (e.g. do attacks that aren't compliant), we had to implement our own HTTP client (https://github.com/BountySecurity/gbounty/tree/main/internal/platform/http/client).
However, it doesn't have support for HTTP/2, and it's not very likely that we'll add such support in the near future.
Which turns out to be a noticeable limitation.
So, an alternative we could have is to have another implementation of the
scan.Requester, that performs the HTTP requests using thehttp.Client, when the givenrequest.Requestlooks like an HTTP/2 request (proto is 2.0), which would cover a vast majority of attacks (all ones that are HTTP compliant).The current behavior should remain for HTTP/1.X requests.