Burp community forum

burpsuite_free_v1.6 with upstream proxy not able to intercept https traffic/sites.

Ashwin | Last updated: Jun 23, 2015 01:26PM UTC

Hi Team, I have been using burpsuite_free_v1.6 with upstream proxy with Java version: C:\Users\Administrator>java -version java version "1.8.0_25" Java(TM) SE Runtime Environment (build 1.8.0_25-b18) Java HotSpot(TM) Client VM (build 25.25-b02, mixed mode) And not able to intercept any https site traffic .Below are the alert remark from burpsuite which i m getting. And had also installed the JCE unlimited strength jurisdiction policy files, but no changes have been reflected. Error: Attempting to auto-select SSL parameters for <FQDN> Failed to auto-select SSL parameters for <FQDN> javax.net.SSLException: server certificate change is restricted during renegotiation server certificate change is restricted during renegotiation Failed to auto-select SSL parameters for <FQDN> You have limited key lengths available. To use stronger keys, please download and install the JCE unlimited strength jurisdiction policy files, from Oracle. javax.net.ssl.SSLException: server certificate change is restricted during renegotiation server certificate change is restricted during renegotiation javax.net.ssl.SSLException: server certificate change is restricted during renegotiation server certificate change is restricted during renegotiation You have limited key lengths available. To use stronger keys, please download and install the JCE unlimited strength jurisdiction policy files, from Oracle. please let us know the solution or workaround for the same. Thanks.

PortSwigger Agent | Last updated: Jun 24, 2015 07:52AM UTC

Can you try enabling unsafe renegotiation on the command line when you start Burp, for example: java -Dsun.security.ssl.allowUnsafeRenegotiation=true -jar /path/to/burp.jar This should hopefully deal with the error: "javax.net.SSLException: server certificate change is restricted during renegotiation".

Burp User | Last updated: Nov 06, 2015 06:37AM UTC

Hi Team, I have been using burp suite_free_v1.6 with upstream proxy.And not able to intercept any https site traffic Had used the above provided command for the same. -->Java -Dsun.security.ssl.allowUnsafeRenegotiation=true -jar /path/to/burp.jar But again not able to intercept any https site traffic. Please suggest any solution for the same. Below is attached error for the same. The client failed to negotiate an SSL connection to XX.XX.XX.XX:443: no cipher suites in common Thanks Ashwin Mishra

PortSwigger Agent | Last updated: Nov 06, 2015 08:56AM UTC

It sounds like this could be a problem between your browser and Burp. Please can you try: 1. If using Firefox, go to about:config in Firefox and set the security.ssl3.dhe_rsa_aes_128_sha preference to "false". 2. A diffferent version of Java. 3. A different browser.

You need to Log in to post a reply. Or register here, for free.