Research Academy
My account Customers About Blog Careers Legal Contact Resellers
The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTER DISCORD

Exception after adding BouncyCastle libraries bcpkix into the project

Jun | Last updated: Dec 23, 2022 09:06AM UTC

Hi, I'm currently trying to do an extension based off the new Montoya API that help me sign request using a PKCS1 Key. However, Java does not support PKCS1 key out of the box and require the usage of BouncyCastle. After adding bouncycastle into my gradle, I'm getting an error while adding the extension jar file into my burp suite. java.lang.Exception: Extension class is not a recognized type at burp.g07.X(Unknown Source) at burp.g07.Z(Unknown Source) at burp._j9.s(Unknown Source) at burp.n10.x(Unknown Source) at burp.a5y.lambda$panelLoaded$0(Unknown Source) at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:539) at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264) at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136) at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635) at java.base/java.lang.Thread.run(Thread.java:833) I'm using Burp Suite Professional v2022.11.3 > implementation 'org.bouncycastle:bcpkix-jdk15on:1.70'

Liam, PortSwigger Agent | Last updated: Dec 23, 2022 04:20PM UTC

Thanks for your message, Jun. I've checked with our Burp Pro development team, and Burp already includes the BouncyCastle PKIX JAR, so there’s no need for you to include it. If you use the extension without trying to add BouncyCastle, do you encounter different behavior or another error message?

Jun | Last updated: Dec 23, 2022 04:26PM UTC

Hi Liam, I won't be able to build the jar file if I don't include BouncyCastle in the gradle file.

Jun | Last updated: Dec 23, 2022 04:30PM UTC

When I tried to build the jar file, it says error: package org.bouncycastle.openssl does not exist or cannot find symbols. Thanks!

Jun | Last updated: Dec 23, 2022 04:48PM UTC

To add on to my previous comment, I have tried using reflection to access the class and I think burp does have bouncycastle included but I'm getting TargetInvocationException. Class<?> pemParserClass = Class.forName("org.bouncycastle.openssl.PEMParser"); Class<?> pemKpClass = Class.forName("org.bouncycastle.openssl.PEMKeyPair"); Constructor<?> pemParserConstructor = pemParserClass.getConstructor(Reader.class); Object pemParser = pemParserConstructor.newInstance(new FileReader(privateKeyFile)); Class<?> jcaPEMKeyConverterClass = Class.forName("org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter"); Constructor<?> jcaPEMKeyConverterConstructor = jcaPEMKeyConverterClass.getConstructor(null); Object converter = jcaPEMKeyConverterConstructor.newInstance(null); Method pemReadObject = pemParserClass.getMethod("readObject"); Object keyObject = pemReadObject.invoke(pemParser); Method converterGetKeyPair = jcaPEMKeyConverterClass.getMethod("getKeyPair", pemKpClass); >KeyPair kp = (KeyPair) converterGetKeyPair.invoke(converter, pemKpClass.cast(keyObject));< PrivateKey privateKey = kp.getPrivate(); the exception is thrown at converterGetKeyPair invoke method.

Jun | Last updated: Dec 23, 2022 04:52PM UTC

I tried the same way of reflection in a new project with bouncycastle bcpkix included and it managed to sign successfully, so I suspect it to be something to do with the bouncycastle in burpsuite.

Jun | Last updated: Dec 23, 2022 04:56PM UTC

Ok. I found the problem for the InvocationTargetException. It has been fixed but is reflection the only way to call BouncyCastle related classes?

Jun | Last updated: Dec 23, 2022 04:56PM UTC

Ok. I found the problem for the InvocationTargetException. It has been fixed but is reflection the only way to call BouncyCastle related classes?

Liam, PortSwigger Agent | Last updated: Dec 27, 2022 06:12PM UTC