Burp Suite User Forum

Proxy server for updates

Nigel | Last updated: Sep 11, 2020 02:13AM UTC

Hi there! Can't get a zScaler proxy working with anonymous logins (SSL inspection disabled)

2020-09-11 12:07:33 WARN e.p.e.s.alerts.AlertFailureListener - Failed to connect securely to server https://portswigger.net:443//Burp/Releases/CheckForUpdates. [HttpClient@6a29bb34-1108923]
2020-09-11 12:07:33 INFO n.portswigger.enterprise.server.a.a - Sending email for alert: SECURE_CONNECTION_FAILED [HttpClient@6a29bb34-1108923]
2020-09-11 12:07:33 ERROR n.p.enterprise.server.update.o - Non connection error when checking for updates. [ForkJoinPool.commonPool-worker-1]
java.util.concurrent.ExecutionException: java.io.EOFException: HttpConnectionOverHTTP@447e9d26::DecryptedEndPoint@299d62cc{zproxy.apac.xxx.corp/165.225.114.26:80<->/172.26.128.81:62569,CLOSED,fill=-,flush=C,to=5/120000}
    at org.eclipse.jetty.client.util.FutureResponseListener.getResult(FutureResponseListener.java:118)
    at org.eclipse.jetty.client.util.FutureResponseListener.get(FutureResponseListener.java:101)
    at org.eclipse.jetty.client.HttpRequest.send(HttpRequest.java:683)
    at net.portswigger.enterprise.server.update.o.a(Unknown Source)
    at java.base/java.util.concurrent.CompletableFuture$AsyncSupply.run(CompletableFuture.java:1700)
    at java.base/java.util.concurrent.CompletableFuture$AsyncSupply.exec(CompletableFuture.java:1692)
    at java.base/java.util.concurrent.ForkJoinTask.doExec(ForkJoinTask.java:283)
    at java.base/java.util.concurrent.ForkJoinPool.runWorker(ForkJoinPool.java:1603)
    at java.base/java.util.concurrent.ForkJoinWorkerThread.run(ForkJoinWorkerThread.java:175)
Caused by: java.io.EOFException: HttpConnectionOverHTTP@447e9d26::DecryptedEndPoint@299d62cc{zproxy.apac.xxx.corp/165.225.114.26:80<->/172.26.128.81:62569,CLOSED,fill=-,flush=C,to=5/120000}
    at org.eclipse.jetty.client.http.HttpReceiverOverHTTP.earlyEOF(HttpReceiverOverHTTP.java:338)
    at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:1551)
    at org.eclipse.jetty.client.http.HttpReceiverOverHTTP.shutdown(HttpReceiverOverHTTP.java:209)
    at org.eclipse.jetty.client.http.HttpReceiverOverHTTP.process(HttpReceiverOverHTTP.java:147)
    at org.eclipse.jetty.client.http.HttpReceiverOverHTTP.receive(HttpReceiverOverHTTP.java:73)
    at org.eclipse.jetty.client.http.HttpChannelOverHTTP.receive(HttpChannelOverHTTP.java:133)
    at org.eclipse.jetty.client.http.HttpConnectionOverHTTP.onFillable(HttpConnectionOverHTTP.java:155)
    at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:305)
    at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:103)
    at org.eclipse.jetty.io.ssl.SslConnection$1.run(SslConnection.java:144)
    at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:765)
    at org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:683)
    at java.base/java.lang.Thread.run(Thread.java:844)
2020-09-11 12:07:33 INFO n.p.enterprise.server.update.j - About to notify update: null [ForkJoinPool.commonPool-worker-1]

In the webserver.log file:

2020-09-11 00:17:02 [qtp1175588866-249583] WARN org.eclipse.jetty.util.URIUtil - /%80../%80../%80../%80../%80../%80../windows/win.ini org.eclipse.jetty.util.Utf8Appendable$NotUtf8Exception: Not valid UTF8! byte 80 in state 0
2020-09-11 00:17:02 [qtp1175588866-249583] WARN org.eclipse.jetty.util.URIUtil - /%80../%80../%80../%80../%80../%80../winnt/win.ini org.eclipse.jetty.util.Utf8Appendable$NotUtf8Exception: Not valid UTF8! byte 80 in state 0
2020-09-11 00:17:02 [qtp1175588866-248783] WARN org.eclipse.jetty.util.URIUtil - /%c0.%c0./%c0.%c0./%c0.%c0./%c0.%c0./%c0.%c0./windows/win.ini org.eclipse.jetty.util.Utf8Appendable$NotUtf8Exception: Not valid UTF8! byte C0 in state 0
2020-09-11 00:17:02 [qtp1175588866-249583] WARN org.eclipse.jetty.util.URIUtil - /%c0.%c0./%c0.%c0./%c0.%c0./%c0.%c0./%c0.%c0./winnt/win.ini org.eclipse.jetty.util.Utf8Appendable$NotUtf8Exception: Not valid UTF8! byte C0 in state 0
2020-09-11 00:17:03 [qtp1175588866-248783] WARN org.eclipse.jetty.util.URIUtil - /%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/windows/win.ini org.eclipse.jetty.util.Utf8Appendable$NotUtf8Exception: Not valid UTF8! byte C0 in state 0
2020-09-11 00:17:03 [qtp1175588866-314717] WARN org.eclipse.jetty.util.URIUtil - /%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/winnt/win.ini org.eclipse.jetty.util.Utf8Appendable$NotUtf8Exception: Not valid UTF8! byte C0 in state 0
2020-09-11 07:48:52 [qtp1175588866-317728] INFO n.p.e.s.ExternalHttpClientService - Updating HTTP client to use proxy zproxy.apac.xxx.corp:80
2020-09-11 07:54:03 [qtp1175588866-310193] INFO n.p.e.s.ExternalHttpClientService - Updating HTTP client to use proxy zproxy.apac.xxx.corp:80
2020-09-11 07:54:10 [qtp1175588866-317726] ERROR n.p.enterprise.common.rest.c.a - Couldn't check for enterprise update received status 400 and response {"code":1,"error":"Non connection error when checking for updates."}
2020-09-11 07:57:08 [qtp1175588866-317803] ERROR n.p.enterprise.common.rest.c.a - Couldn't check for enterprise update received status 400 and response {"code":1,"error":"Non connection error when checking for updates."}
2020-09-11 07:57:40 [qtp1175588866-317802] ERROR n.p.enterprise.common.rest.c.a - Couldn't check for enterprise update received status 400 and response {"code":1,"error":"Non connection error when checking for updates."}

Any ideas why?

Cheers, Nigel

Uthman, PortSwigger Agent | Last updated: Sep 11, 2020 08:08AM UTC

Hi Nigel,

Can you please send the full logs to support@portswigger.net? It looks like your proxy server is failing to connect to portswigger.net on port 443 (i.e. using HTTPS). Have you tried whitelisting the appropriate URLs?

- https://help.zscaler.com/zia/whitelisting-urls

Nigel | Last updated: Sep 11, 2020 10:06PM UTC

Turns out this was still having SSL-inspection enabled, so we got the zScaler Root Certificate. It would need to be imported into the Java certificate store on Tomcat. Thanks for your help! Cheers, Nigel

Ogle | Last updated: Jul 26, 2022 07:43PM UTC

I'm having the same issue with Burp Professional. How do you import the Zscaler Root CA cert into the Java cert store that Burp uses? My update does not work without disabling the ssl-inspection for portswigger.net and portswigger-cdn.net.

Hannah, PortSwigger Agent | Last updated: Jul 28, 2022 01:33PM UTC

Hi,

You can find the path for your JDK by going to "Help > Diagnostics" within Burp and looking at the path specified by "java.home". From there, you would need to use keytool to import the certificate into the truststore contained in the "lib/security/" folder.
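The import described in the reply above, as an added example that is not part of the original thread or PortSwigger's own tooling: it checks the inspection CA's SHA-256 fingerprint against a value obtained out-of-band, backs up the truststore, then runs keytool. It assumes a `keytool` binary on PATH (override with `KEYTOOL`), a truststore file named `cacerts` with the stock password, and a hypothetical alias name; the function and variable names are illustrative.

```shell
#!/bin/sh
# Added example: import a TLS-inspection root CA into the truststore under
# Burp's java.home. Paths, alias and fingerprint are supplied by the caller.

KEYTOOL=${KEYTOOL:-keytool}   # assumption: a JDK keytool is on PATH

# <java.home>/lib/security/cacerts, tolerating a trailing slash on java.home.
truststore_path() {
    printf '%s/lib/security/cacerts\n' "${1%/}"
}

# Make fingerprints comparable: drop colons/whitespace, upper-case the hex.
normalize_fp() {
    printf '%s' "$1" | tr -d ': \n' | tr '[:lower:]' '[:upper:]'
}

# SHA-256 fingerprint of a certificate file as printed by keytool -printcert.
cert_sha256() {
    "$KEYTOOL" -printcert -file "$1" 2>/dev/null |
        sed -n 's/^.*SHA256: *//p' | head -n 1
}

# usage: import_inspection_ca <java.home> <ca.pem> <expected-sha256> [alias]
# returns 2 = no truststore, 3 = fingerprint mismatch, 4 = backup failed
import_inspection_ca() {
    store=$(truststore_path "$1")
    ca_file=$2
    expected=$(normalize_fp "$3")
    ca_alias=${4:-tls-inspection-root}   # hypothetical alias name

    [ -f "$store" ] || { echo "no truststore at $store" >&2; return 2; }

    # Trust the CA only if it matches a fingerprint obtained out-of-band.
    actual=$(normalize_fp "$(cert_sha256 "$ca_file")")
    if [ -z "$actual" ] || [ "$actual" != "$expected" ]; then
        echo "fingerprint mismatch for $ca_file" >&2
        return 3
    fi

    # Keep a copy so the import can be rolled back.
    cp -p "$store" "$store.bak" || return 4

    # "changeit" is the stock cacerts password; override with STOREPASS.
    "$KEYTOOL" -importcert -noprompt -trustcacerts \
        -alias "$ca_alias" -file "$ca_file" \
        -keystore "$store" -storepass "${STOREPASS:-changeit}"
}
```

Call it with the "java.home" value from "Help > Diagnostics" as the first argument, then restart Burp so the JVM reloads the truststore.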
