The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTER DISCORD

Bug with Extender self._callbacks.makeHttpRequest ?

Smeege | Last updated: Feb 25, 2016 07:45PM UTC

When I use self._callbacks.makeHttpRequest in my extension and the target server responds with an SSL error such as "SSL received a record that exceeded the maximum permissible length. (Error code: ssl_error_rx_record_too_long)" I get an alert from Burp in the alerts tab saying "Attempting to auto-slect SSL parameters" as expected. However, the extension seems to hang indefinitely at this point. The attempted request never times out and never triggers an error. This leaves my extension hanging and never performs the next actions. Is there any way via the API, client settings, etc. to prevent this without adding some other check? If I try to make this request manually without doing it through my extension it eventually stops trying to connect and gives me the SSL error in the browser. Thanks!

PortSwigger Agent | Last updated: Feb 26, 2016 08:52AM UTC

The SSL autonegotiation process can take several minutes, and only occurs once per target domain where an SSL problem is encountered. The call to make an HTTP request will block while this is in progress, but won't "hang" in any other sense. Make sure you aren't making HTTP requests from the Swing event thread! You can turn off autonegotiation at Options / SSL / SSL Negotiation.

Burp User | Last updated: Apr 01, 2016 02:27AM UTC