Burp Suite User Forum

Login to post

Encountering javax.net.ssl.SSLException: Unsupported or unrecognized ssl message when crawling

Scott | Last updated: Nov 01, 2019 06:59PM UTC

I have recently upgraded to Burp Suite Pro 2.1.04. Previously I could spider my application but using the new crawler I immediately encounter the following exception and can't seem to get much further. javax.net.ssl.SSLException: Unsupported or unrecognized ssl message I am running Burp on Windows Server 2016. I have installed the Burp certificate in chrome and am proxying web traffic through over localhost:8080. My target is another web server on the subnet in my lab. Any help you can provide would be appreciated. Thanks

Ben, PortSwigger Agent | Last updated: Nov 04, 2019 10:03AM UTC

Hi Scott, Thank you for your message. Does this issue occur with any other site that you try to browse to whilst using Burp Professional or is it just happening with the site you are trying to test? A couple of things you could try initially: In Project options -> SSL -> SSL Negotiation there are some SSL Negotiation Workaround options that you could change to see if this resolves the issue. Similarly, in User options -> SSL -> Java SSL Options, there is the option to Disable Java SNI. Again you could and enable this to see if it resolves the issue. The suggestion would be to try each one of these in turn to see if it resolves the issue that you are seeing. Please let us know how you get on.

Ben, PortSwigger Agent | Last updated: Nov 04, 2019 10:36AM UTC

Hi Scott, Glad to hear that you were able to resolve the issue using Burp's Platform Authentication. Please do not hesitate to get back in touch if you require any further assistance with anything in the future.

Burp User | Last updated: Nov 04, 2019 09:01PM UTC

Thanks Ben! The Project Options tab is exactly what I was looking for. I access the target environments via an apache proxy and we have LDAP authentication enabled. I was not authenticating on this layer. To fix the issue I went to: Project Options -> Connections -> Platform Authentication and then entered the relevant apache hostname and user credentials for the LDAP. Once that was configured the errors went away and I am able to crawl the host.

You need to Log in to post a reply. Or register here, for free.