Burp Suite User Forum

How to bypass CRL validation

Nghi | Last updated: Jun 16, 2021 10:29PM UTC

Hi all,

I am running into an issue when using an invisible Burp proxy. My app couldn't communicate with my server through the invisible Burp proxy due to the error message below. I guess my app failed to validate the CRL info of Burp's cert when it reached the Burp proxy in the first requests. Did anyone face this issue? Many thanks.

message = schannel: next InitializeSecurityContext failed: Unknown error (0x80092012) - The revocation function was unable to check revocation for the certificate.

Uthman, PortSwigger Agent | Last updated: Jun 17, 2021 10:22AM UTC

Hi Nghi, Previously, a user managed to get this working by creating their own CA + Intermediate CA incl. own OCSP responder using OpenSSL, adding the CA certificates to the Windows certificate store, creating a server cert for the server in charge and adding that to Burp. Alternatively, you could try modifying the source code to change how the call for schannel is implemented. We have a feature request in our backlog to address this issue so we will update this thread if/when that is implemented.

Tiho | Last updated: Jan 24, 2022 03:18PM UTC

According to https://github.com/mitmproxy/mitmproxy/issues/3140 sometimes it helps to just have a URL inside , which does not need to answer. So it could be done in 2 steps. Just fill in a dummy value first and if you have time, implement a proper implementation that replies on the URL given in the cert.
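
Added example, not part of any post above and not PortSwigger's or the posters' code: a lab-only OpenSSL script for the setup the replies describe, a private root and intermediate CA whose issued certificates carry CRL and OCSP URLs, with a check of whether the chain passes a full revocation check. The function names, subject names, file layout and the base URL passed in are assumptions; running an OCSP responder and importing the CA into the Windows certificate store are not covered.

```bash
# Lab PKI: root CA -> intermediate CA -> server cert, with revocation pointers
# in every issued cert. All names and URLs are constructed for this example.
build_lab_pki() (   # usage: build_lab_pki <dir> <base-url> <server-dns-name>
  set -e
  mkdir -p "$1"; cd "$1"; : > index.txt   # empty database for "openssl ca"
  cat > pki.cnf <<EOF
[req]
distinguished_name = req
[ca]
default_ca = lab
[lab]
database = index.txt
default_md = sha256
[v3_root]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[v3_int]
basicConstraints = critical,CA:TRUE,pathlen:0
keyUsage = critical,keyCertSign,cRLSign
crlDistributionPoints = URI:$2/root.crl
[v3_leaf]
basicConstraints = CA:FALSE
extendedKeyUsage = serverAuth
subjectAltName = DNS:$3
crlDistributionPoints = URI:$2/int.crl
authorityInfoAccess = OCSP;URI:$2/ocsp
EOF
  openssl req -x509 -config pki.cnf -extensions v3_root -newkey rsa:2048 -nodes \
    -subj "/CN=Lab Root CA" -days 30 -keyout root.key -out root.pem
  issue() {   # issue <name> <subject> <extension-section> <issuer-name>
    openssl req -new -config pki.cnf -newkey rsa:2048 -nodes -subj "$2" \
      -keyout "$1.key" -out "$1.csr"
    openssl x509 -req -in "$1.csr" -CA "$4.pem" -CAkey "$4.key" -CAcreateserial \
      -extfile pki.cnf -extensions "$3" -days 30 -out "$1.pem"
  }
  issue int "/CN=Lab Intermediate CA" v3_int root
  issue leaf "/CN=$3" v3_leaf int
  for ca in root int; do   # empty CRLs, to be served at the URLs embedded above
    openssl ca -gencrl -config pki.cnf -cert "$ca.pem" -keyfile "$ca.key" \
      -crldays 7 -out "$ca.crl"
  done
  cat root.crl int.crl > crls.pem
)
# Full-chain revocation check; fails when no CRL is supplied (pass "" as $2).
check_revocation() {   # usage: check_revocation <dir> <crl-file-or-empty>
  openssl verify -crl_check_all -CAfile "$1/root.pem" -untrusted "$1/int.pem" \
    ${2:+-CRLfile "$2"} "$1/leaf.pem"
}
```

With an empty second argument `check_revocation` fails with "unable to get certificate CRL", the OpenSSL counterpart of the Schannel message in the question; with `<dir>/crls.pem` the same chain verifies.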
