Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Create new post

400 bad request no ssl sent in postman response

Seiso | Last updated: Dec 12, 2022 07:43PM UTC

Hello, I am using postman and want to integrate it with burpsuite. I have turned off ssl certificate in general settings in postman. I am getting the response when custom proxy is turned off, however I am getting error when custom proxy is turned on. I have self signed certificate included in postman. I was getting response 5 days back and after that I am getting 400 bad request, ssl not sent. Not sure what's the issue. Please help. Thank you.

Liam, PortSwigger Agent | Last updated: Dec 13, 2022 08:25AM UTC

Thanks for your message, Seiso. Are you following a specific method or tutorial to integrate with Postman? - https://www.secureideas.com/blog/2019/03/better-api-penetration-testing-with-postman-part-2.html

romankris | Last updated: May 01, 2023 06:24AM UTC

This issue typically happens for a 2-Way TLS, when the certificate sent by the client is expired. In a 2-way TLS, both client and server exchange their public certificates to accomplish the handshake. The client validates the server certificate and the server validates the client certificate. During the TLS handshake if it is found that the client certificate is expired, then the server will send 400 - Bad request with the message “The SSL certificate error”. The solution for this problem is that procure a new certificate and upload the certificate https://net-informations.com/q/mis/400.html

Liam, PortSwigger Agent | Last updated: May 02, 2023 07:37AM UTC

Thanks for the update, romankris.

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.