Burp Suite User Forum


Burp Enterprise: Jenkins Plugin Connection Timed Out

Adam | Last updated: Jul 22, 2020 02:59PM UTC

Hi, I'm currently testing the Jenkins plugin for Burp Enterprise. In this test, I'm using a simple HelloWorld.java to build and from here want to scan a web application just to make sure the plugin is working effectively.

I'm building Jenkins through its official Docker image and using the following environment variables: "JAVA_OPTS=-Dhttp.proxyHost=PROXY_ADDRESS -Dhttp.proxyPort=PROXY_PORT -Dhttps.proxyHost=PROXY_ADDRESS -Dhttps.proxyPort=PROXY_PORT". I've also set up the corporate proxy within Jenkins itself in the Advanced plugin settings. I set up the configuration as documented here: https://portswigger.net/burp/documentation/enterprise/administration-tasks/integrating-ci

However, I keep getting the following stack trace:

ERROR: Build step failed with exception
java.net.ConnectException: Connection timed out (Connection timed out)
    at java.net.PlainSocketImpl.socketConnect(Native Method)
    at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:350)
    at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:206)
    at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:188)
    at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
    at java.net.Socket.connect(Socket.java:607)
    at sun.security.ssl.SSLSocketImpl.connect(SSLSocketImpl.java:666)
    at sun.security.ssl.SSLSocketImpl.<init>(SSLSocketImpl.java:426)
    at sun.security.ssl.SSLSocketFactoryImpl.createSocket(SSLSocketFactoryImpl.java:88)
    at net.portswigger.X.a(Unknown Source)
    at net.portswigger.bW.b(Unknown Source)
    at net.portswigger.b6.b(Unknown Source)
    at net.portswigger.b6.a(Unknown Source)
    at net.portswigger.t.a(Unknown Source)
    at net.portswigger.t.a(Unknown Source)
    at net.portswigger.burp.api.b.openWebSocket(Unknown Source)
    at net.portswigger.burp.api.driver.BurpCiDriver.scan(Unknown Source)
    at org.jenkinsci.plugins.burpscan.BurpScanRecorder.perform(BurpScanRecorder.java:134)
Caused: java.io.UncheckedIOException
    at org.jenkinsci.plugins.burpscan.BurpScanRecorder.perform(BurpScanRecorder.java:139)
    at hudson.tasks.BuildStepMonitor$1.perform(BuildStepMonitor.java:20)
    at hudson.model.AbstractBuild$AbstractBuildExecution.perform(AbstractBuild.java:741)
    at hudson.model.Build$BuildExecution.build(Build.java:206)
    at hudson.model.Build$BuildExecution.doRun(Build.java:163)
    at hudson.model.AbstractBuild$AbstractBuildExecution.run(AbstractBuild.java:504)
    at hudson.model.Run.execute(Run.java:1880)
    at hudson.model.FreeStyleBuild.run(FreeStyleBuild.java:43)
    at hudson.model.ResourceController.execute(ResourceController.java:97)
    at hudson.model.Executor.run(Executor.java:428)
Build step 'Burp scan' marked build as failure

Am I misunderstanding something? Or is there something I should look into with my Jenkins build?

Hannah, PortSwigger Agent | Last updated: Jul 23, 2020 10:20AM UTC

Hi,

If you exclude the Burp step, does your build complete successfully? Are your Burp Suite Enterprise installation services currently running, and are you using a valid API user?

Adam | Last updated: Jul 23, 2020 11:07AM UTC

Yes, the build works without issue without the Burp plugin. Yes, Burp Enterprise is up and the API user is valid. I should say the plugin has to go through the proxy configured to reach my Burp Enterprise instance.

Adam | Last updated: Jul 24, 2020 10:38AM UTC

So I've managed to get it working without the proxy, but if my Jenkins instance requires a proxy connection to reach outwards, what can you recommend?

Hannah, PortSwigger Agent | Last updated: Jul 24, 2020 12:06PM UTC

Is this occurring for every build going through the proxy connection? If you set just one proxy host, as opposed to for both HTTP and HTTPS, does it succeed? Have you restarted Jenkins after you set the proxy in advanced plugin settings? Are you using both the environmental variables and the advanced plugin settings at the same time? If so, have you tried testing them in isolation?

Adam | Last updated: Jul 24, 2020 01:37PM UTC

Is this occurring for every build going through the proxy connection?
- Yes, every attempt at a Burp Enterprise scan fails.

If you set just one proxy host, as opposed to for both HTTP and HTTPS, does it succeed?
- No, none are successful.

Have you restarted Jenkins after you set the proxy in advanced plugin settings?
- Yes, multiple times.

Are you using both the environmental variables and the advanced plugin settings at the same time? If so, have you tried testing them in isolation?
- Yes, neither has made any impact.

Ben, PortSwigger Agent | Last updated: Jul 29, 2020 12:40PM UTC

Hi,

So, to confirm, if you remove your proxy from the chain then the Jenkins job successfully permeates through to Burp Enterprise? Are you aware as to whether your proxy server is doing anything special with the requests that it is receiving?
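
The stack trace in the first post shows the connection being opened through SSLSocketFactoryImpl.createSocket and SocksSocketImpl.connect, that is, as a raw socket rather than through the JVM's HTTP client. As an added example (not part of the thread, and not PortSwigger or Jenkins code), this Java check prints what the JVM's default ProxySelector returns for an https:// URI and for a socket:// URI when only the http(s).proxyHost properties from the first post are set; the host names and ports are placeholders.

```java
import java.net.Proxy;
import java.net.ProxySelector;
import java.net.URI;
import java.util.List;

// Added diagnostic: shows which proxy route the JVM picks per URI scheme.
public class ProxyRouteCheck {

    // Ask the JVM's default selector which proxies it would use for this URI.
    static List<Proxy> route(String uri) {
        return ProxySelector.getDefault().select(URI.create(uri));
    }

    public static void main(String[] args) {
        // Placeholders standing in for PROXY_ADDRESS / PROXY_PORT from the post.
        String proxyHost = args.length > 0 ? args[0] : "proxy.example.internal";
        String proxyPort = args.length > 1 ? args[1] : "3128";
        // Placeholder host:port standing in for the Burp Enterprise server.
        String target = args.length > 2 ? args[2]
                : "burp-enterprise.example.internal:8080";

        // Same four properties as the JAVA_OPTS line in the first post.
        System.setProperty("http.proxyHost", proxyHost);
        System.setProperty("http.proxyPort", proxyPort);
        System.setProperty("https.proxyHost", proxyHost);
        System.setProperty("https.proxyPort", proxyPort);

        // Route used by URL-based clients such as HttpURLConnection.
        System.out.println("https://  -> " + route("https://" + target + "/"));

        // Route used by a plain java.net.Socket, which is what
        // SSLSocketFactory.createSocket(host, port) opens underneath.
        System.out.println("socket:// -> " + route("socket://" + target));
    }
}
```

With only the http(s).proxyHost properties set, the default selector returns the configured proxy for the https:// URI and a direct route for the socket:// URI, because raw sockets are governed by socksProxyHost rather than the HTTP proxy properties.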
