Burp Suite User Forum

Login to post

handshake failure: unknown_ca

Tony | Last updated: Dec 30, 2019 11:48AM UTC

Hello Im using latest Burp in Manjaro 64 bit Im trying to capture SSL traffic of one android app i have modified app to capture ssl traffic using network_config xml file, also i have added CA certificate as system and user in android. Now here we go.... Suppose whenever i press login button in android app i get unique host entry in burp every time. ex. paypal.com, yahoo.com, bing.com with suffix of huge url like...../login/sdfksjhfkshfkjshkfhskfahskfhsdfhsfks/login But there is no relation between yahoo,paypal,bing to that application Then after those entry i get unknown_ca error with one site. therefore i opened that site in firefox, and i get xyxyxyx.com uses an invalid security certificate. The certificate is not trusted because it is self-signed. Error code: MOZILLA_PKIX_ERROR_SELF_SIGNED_CERT So i accept and continue, then site open with loads of plain text encrypted data. that site has self sign certificate, aes-gcm 256 bit tls 1.3 But in android i get unknown_ca error Thanks

Liam, PortSwigger Agent | Last updated: Dec 30, 2019 12:22PM UTC

Which version of Android are you using?

Burp User | Last updated: Dec 30, 2019 01:04PM UTC

@Liam Im using Android 10

Burp User | Last updated: Dec 30, 2019 01:09PM UTC

I also tried with enabling custom cipher but not helped

Liam, PortSwigger Agent | Last updated: Dec 30, 2019 01:16PM UTC

Since Android Nougat, Android no longer trusts user or admin supplied CA certificates. Have you checked out this blog? https://blog.nviso.be/2018/01/31/using-a-custom-root-ca-with-burp-for-inspecting-android-n-traffic/

Burp User | Last updated: Dec 30, 2019 01:34PM UTC

yes I have already mentioned that i have installed CA certificate as system and user too. Also i have enable traffic capture of application by modification of network_config file of app.

Liam, PortSwigger Agent | Last updated: Dec 30, 2019 01:37PM UTC

Have you tested your method on more than one application? Are you only encountering an issue with the target app?

Burp User | Last updated: Dec 30, 2019 04:36PM UTC

Yes~~ I have tested on Magisk, i can check my magisk version update without any error Also i can receive data from some google server app however amazon app is not working {i did not modified} I can open some ssl site except google.com {SSL PROTOCOL ERROR} api.amazon.com gives certificate unknown error is `certificate_unknown` and `unknown_ca` is same??

Michelle, PortSwigger Agent | Last updated: Jan 02, 2020 11:09AM UTC

Just to check, are you seeing slightly different errors on different sites? Did the certificate you installed have the v3_ca extension enabled?

Burp User | Last updated: Jan 05, 2020 06:30AM UTC

Amazon google app gives unknown_ca and certificate_unknown error. My target app use multiple aws api request and easily capture. But otherthan aws api request i get unknown_ca error How do i know that certificate have v3_ca enabled or not?

Michelle, PortSwigger Agent | Last updated: Jan 06, 2020 09:24AM UTC

This article has a section on creating a custom CA which is v3_ca enabled, so you might find this helpful: https://blog.nviso.be/2018/01/31/using-a-custom-root-ca-with-burp-for-inspecting-android-n-traffic/

You need to Log in to post a reply. Or register here, for free.