Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Create new post

Burp fails to upload file with "Received fatal alert: record_overflow" error

Nick | Last updated: Mar 26, 2020 09:59PM UTC

I am attempting to upload a vanilla PDF to the Glassdoor website while using Burp. With certain files, I keep getting this error: "Error "Received fatal alert: record_overflow" Others work. I don't understand what's happening. Here are two files which work and fail: Fails: https://1drv.ms/b/s!AsEGReIoupfZhY4vYbCFQwOihy42rQ Works: https://1drv.ms/b/s!AsEGReIoupfZhY4w0fOGzWP9A5D74Q?e=LOz5KC Steps to repro: 1. Create a Glassdoor account at https://glassdoor.co.uk 2. Once you've signed in and skipped all the questions about your employment, go to My CVs: https://www.glassdoor.co.uk/member/account/resumeUploads_input.htm 3. Upload the two files, clicking "No" on whether you want a professional to review the file. Notice that "a-works" works but "a-fails" fails with a Burp error immediately. In the proxy, there appears to be no response to the request. Let me know if I can provide any more information, this is 100% reproducible for me.

Nick | Last updated: Mar 26, 2020 10:03PM UTC

Oh, I should say: I'm using Burp Suite Community Edition 2020.2.1 on OS X 10.14.6.

Hannah, PortSwigger Agent | Last updated: Mar 27, 2020 11:16AM UTC

Hi. This may have been caused by a TLS1.3 bug in the JDK you are using (https://stackoverflow.com/questions/54119613/sslhandshakeexception-received-fatal-alert-record-overflow). Could you try disabling TLS1.3 in your Burp - "Project options > TLS > TLS negotiation > Use custom protocols and ciphers > Uncheck TLS1.3"? I've tested this on my setup and it resolved the issue. Please let me know how you get on.

Nick | Last updated: Apr 07, 2020 06:23PM UTC

Thanks for the reply. I'd love to try this, but I can't find this menu item. I have a Project menu with a "Project options" submenu, but the only things inside there are "Restore Defaults >", "Load project options" and "Save project options". I'm on Burp Suite Community Edition 2020.2.1. Where can I find this setting?

Nick | Last updated: Apr 07, 2020 06:27PM UTC

Oh, I see. You were talking about the "Project options" tab, not the menu item. I've turned off TLS v1.3 now. I'll let you know how I get on.

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.