[null] Burp Error

[Nilesh Sapariya]

Hi All,

While testing one of the application burp throwing error as 

"handshake alert: unrecognized_name

The "unrecognized_name" error indicates that the server might be misconfigured, Try turning on the "Disable java SNI extension" option and restart burp"

OR Sometimes it shows error as

Attempting to auto-select SSL parameters for sitename.com

Failed to auto-select SSL parameters to sitename.com

You have limited key lengths available. To use stronger keys, please download and install the JCE unlimited strength jurisdiction policy files, 

from Oracle.

javax.net.ssl.SSLException: handshake alert:  unrecognized_name

Any one came across with such issue ? 

Thanks. 

[anand gupta]

Hi Nilesh,

This error shows because of SSL certificate.

The website which you are trying to capture on Burp is an HTTPS, that's why this error is showing. 

Solution: Install burp certificate then your problem will be resolved.

Thanks

Anand Gupta 

--
______________________________________________________________________________
null - Spreading the right Information
null Mailing list charter: http://null.co.in/section/about/null_list_charter/
______________________________________________________________________________
se7enth edition of nullcon Goa (Mar 9-12, 2016)
http://nullcon.net
---
You received this message because you are subscribed to the Google Groups "null" group.
To unsubscribe from this group and stop receiving emails from it, send an email to null-co-in+...@googlegroups.com.
Visit this group at https://groups.google.com/group/null-co-in.
For more options, visit https://groups.google.com/d/optout.

[Ajay Nunna]

Hi Nileesh,

I have observed couple of errors list by you.What i have observed during that is ,the burp certificate installation is not properly done.

Steps to resolved.

1.Close the application

2.Clear the history of your browser.

3.Install the burp certificate again .

4. Try accessing the application.

This way worked most fo the times for me .

Regards,

Ajay Nunna
8978408281

On Mon, May 23, 2016 at 9:33 AM, Nilesh Sapariya <nilesh.s...@gmail.com> wrote:

--

[Terminator]

Yes, Install burp certificate. You can download this from http://burp when burp  is configured with browser.

[Nilesh Sapariya]

Hi @anand , Ajay and sarangi :- Thanks for your inputs but I already tried doing all this stuff. Thanks once again. But nothing works out for me. 

Thanks & Regards,

Nilesh Sapariya 

Security Researcher  

https://twitter.com/nilesh_loganx

http://shield4you.blogspot.in/

--

[Hitesh Badlani]

Hi Nilesh,

Follow the below link. This might help you. It worked for me.

https://gfragkos.blogspot.in/2015/07/burp-suite-error-handshake-alert.html

Thanks,

Hitesh Badlani

[Sanjeev Kumar Jaiswal]

Hi Nilesh,

May I know if your application is using 

1. SPA or Angular at front-end?

2. Did you see authentication header in response

3. Does it allow to flow the request through  proxy or taking request only from specific IP

I asked above questions because application that I am testing caused similar issue. cipher key length related. 

This link helped me to fix in Firefox though :https://support.portswigger.net/customer/portal/articles/1783087-Installing_Installing%20CA%20Certificate%20-%20FF.html

[~pras~]

I recently bumped into this issue as well, coincidentally it was with the latest Burp update. It is a certificate issue and most probably the application is hitting CDNs of the web app you are trying to crawl or test and failing to negotiate ciphers. Use SSL Pass through option with the URL and port in Burp Proxy options tab.

Worked for me when everything failed and I got similar errors