The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum


How do I use PKCS#11 under Windows?

Nicolas | Last updated: Nov 01, 2017 11:10AM UTC

Hello,

I got an interesting question during a training: which combo of OS and JVM should be used in order to use PKCS#11 certificates under Windows with recent versions of Burp Suite?

I looked at the documentation and am somewhat puzzled by my findings:

- "Java does not currently support PKCS#11 on 64-bit versions of Windows" https://portswigger.net/burp/help/options_ssl.html
- "project files feature is not available on 32-bit platforms" http://blog.portswigger.net/2016/04/introducing-burp-projects.html

So, if I understood correctly, a 64-bit JVM is needed to use projects, but a Windows 64-bit JVM can't use PKCS#11 certificates. Is that correct? If yes, are there alternative solutions to switching to Mac or Linux?

Note: I also looked at ZAP. Running a 32-bit JVM in a 64-bit Windows OS with 64-bit PKCS#11 drivers seems to do the trick: https://groups.google.com/forum/#!topic/zaproxy-users/PiH5lDDrXWA But they don't have the limitations related to Projects.

Thanks in advance,
Nicolas

PortSwigger Agent | Last updated: Nov 01, 2017 11:17AM UTC

Hi Nicolas,

Thanks for your message. Fortunately, 64-bit Java does now support PKCS#11; it's been available since J8b49. I've asked our web team to update the documentation.

Please let us know if you need any further assistance.

Burp User | Last updated: Nov 01, 2017 12:02PM UTC

Thanks for the prompt feedback (and the good news!), but I've no idea what Java 8b49 is (and Java 8u49 doesn't exist). I also looked at the Java 8 changelog, and found no references to PKCS#11.

Do you know exactly which versions of Java 8 support PKCS#11 in a 64-bit environment?

PortSwigger Agent | Last updated: Nov 01, 2017 12:03PM UTC

Hi Nicolas,

Not 100% sure on the version, I just took that from here:

- https://stackoverflow.com/questions/8056818/accessing-hardware-pkcs11-token-on-a-64-bit-machine

I suggest you use the latest Java 8 anyway.

Burp User | Last updated: Nov 01, 2017 12:14PM UTC

Responding to myself: the change was implemented in JEP-131, which was closed in June 2017: http://openjdk.java.net/jeps/131

So the feature was probably introduced in versions >= JDK 8u141. I'll have to test that...

PortSwigger Agent | Last updated: Nov 01, 2017 12:28PM UTC