Burp Suite cant capture SSL traffic

[Rakesh Tiwari]

Hi,

I could not capture SSL traffic in burp suite. Using firefox 37.1 version. I am test one application . Have installed burp certificate also but no luck.

I can capture SSL traffic using Zap in browser version 3.6 however, not happening for burp suite, end up with following attached error message , did not get error "I understand the risk" and add exception option.

Interestingly burp is able to capture all type HTTP traffic with no error. Is there any solution to use burp suite for HTTPS sites?

Regards,

Rakesh

[Akash]

Hi Rakesh,

It is always a good idea to blur the URL in screenshots before posting online.

A couple of things might help you

1. Is there any entry in Options | SSL | Server SSL Certificates

2. Is there any entry related to the domain you are on in Proxy | Options | SSL Pass Through

If you are not sure, I recommend that you clear Browser Cache, restart Burp Suite, disable "Automatically add enteries on client SSL negotiation failure" in Proxy | Options | SSL Pass Through and see what happens.

Also keep looking at the Alerts tab for any errors related to the domain.

--
______________________________________________________________________________
null - Spreading the right Information
null Mailing list charter: http://null.co.in/section/about/null_list_charter/
______________________________________________________________________________
Do you trust your hardware?
http://hardwear.io
---
You received this message because you are subscribed to the Google Groups "null" group.
To unsubscribe from this group and stop receiving emails from it, send an email to null-co-in+...@googlegroups.com.
Visit this group at http://groups.google.com/group/null-co-in.
For more options, visit https://groups.google.com/d/optout.

--

Warm regards,
Akash Mahajan

That Web Application Security Guy | +91 99 805 271 82
akashm.com | @makash on twitter | linkd.in/webappsecguy
OWASP Bangalore Chapter Lead | null Community Manager

[Shrivathsa Bhat]

Hello,

Give this FireFox add-on a try after clear cache and restart of FF.

https://addons.mozilla.org/en-US/firefox/addon/skip-cert-error/ 

Or use Mantra (Firefox based browser) (URL: https://www.owasp.org/index.php/OWASP_Mantra_-_Security_Framework#tab=Downloads) in which latest FireFox securities are disabled for testing purpose.

Regards,

Vathsa.

[Priyesh Barge]

Hi Rakesh,

Maybe you can try checking the java version installed on your system. If it is java 1.8 try reverting to java 1.7 since burp is not fully tested against java 1.8. 

Thanks and Regards,

Priyesh Barge

Information Security Analyst

9821132795/8108197709

[Amilcar de Leon]

I'd also recommend trying java 1.9...I had similar prblems in the past (cipher was not supported) and it worked with this version of java.

[Nanda Kumar]

I tried with jdk1.8 it is working so you even go for it.

Nanda

[Rakesh Tiwari]

Interestingly able to work with window 8 64 bit , posting installing java 7, however still no luck with window 7 32 but os installed in my laptop. Already followed all steps suggested by all. Don't understand why not working with 7 . Do I need to install window 7 (64 bit)

[Nanda Kumar]

Can you check you are using correct JDK?

[Rajesh A.]

Hi,

It's working for me on
RHEL 6.6
JDK 1.7.75
BURP 1.6.30
have burp crt installed in FF 38.3

It seems its all about
Have proper version of Java ..
Install burp crt.
Not related OS.
U can bypass default Java by having executable directly and run with full path.
..

[Rakesh Tiwari]

Please find attached this is what have installed in windows 7 (32)bit in laptop

it works good on company desktop installed with windows 8 64 bit OS but not working in my laptop.

Pls check if using correct version for java for win 7 32 bit os