Burp Suite User Forum


Java Error Occurred during Pentesting on .jsp webpage

Cybernewbie | Last updated: May 29, 2018 07:34AM UTC

I have been prompted with the Java errors below while doing security testing with the help of the Burp Suite scanner to test for vulnerabilities. I would like to mention that the response codes of the responses are 400, 404, etc., and the session is still available even after severe testing. I would like to know how to proceed with this issue in this case, on the client side or the server side. Could you please clarify my doubts? The errors in the Burp tool alerts are "java.net.SocketException: Software caused connection abort: recv failed" and "java.net.SocketException: Software connection reset". How can I go ahead with resolving this issue?

PortSwigger Agent | Last updated: May 29, 2018 07:42AM UTC

This error is a symptom of overload, either on the server or on your workstation. A good way to check if the server is overloaded is to try accessing the application from another computer.

In general, what you need to do is reduce the intensity of the scan. In Scanner > Options > Active Scanning Engine, there is an option for "Concurrent request limit". Try reducing this somewhat. The default is 10; if you've previously increased it, try going back to 10. Otherwise, try reducing it to 5. There is a similar setting in Spider > Options > Spider Engine.

If you're still having difficulty, it would be helpful to know a bit more about the client and server OS and other software.

Burp User | Last updated: May 30, 2018 09:34AM UTC

Hi Paul,

Thanks for your help. I even tried a lower "Concurrent request limit", reducing it to 1 or 2. Even after that, I am prompted with the issue, and it is the same with the Spider. I'm having issues while doing an automated scan of .JSP webpages, which results in frequent failures in the Alerts tab and 404, 400 in Logger++. I also attempted it with the latest Java install. It seems that the client OS is Windows 7 and the server OS is 2008R2. Let me know if you are able to provide a solution.

I also found another link that indicates it is due to a database error: https://javarevisited.blogspot.in/2016/01/javanetsocketexception-software-caused-connection-abort-recv-failed.html Let me know how this can be related in this case.

PortSwigger Agent | Last updated: May 31, 2018 08:02AM UTC

Hi Cybernewbie,

As this issue is occurring when you greatly reduce concurrent requests and threads, it may be that there is a web application firewall or other security device that is detecting the scan and blocking it. Are you able to speak to the network admin to discover if this is the case? They may be able to add your IP address to a whitelist. If not, unfortunately Scanner does not work well when such a device is in place. You will be mostly limited to manual testing.

Please let us know if you need any further assistance.
