Burp Suite User Forum

Create new post

Received fatal alert: bad_record_mac

Sridevi | Last updated: Feb 18, 2015 03:44AM UTC

When https request is proxied via burp, bad_record_mac error is shown in Firefox. Alerts tab in burp shows - javax.net.ssl.SSLException: Received fatal alert: bad_record_mac

PortSwigger Agent | Last updated: Feb 18, 2015 01:42PM UTC

Can you try reinstalling the Burp CA certificate in Firefox? You'll need to first delete the existing certificate (if installed), and then install the current one. Detailed instructions are here: https://support.portswigger.net/customer/portal/articles/1783088-Installing_Remove%20CA%20Certificate%20-%20FF.html https://support.portswigger.net/customer/portal/articles/1783087-installing-burp-s-ca-certificate-in-firefox

Burp User | Last updated: Feb 22, 2015 08:25AM UTC

That did not help. I am seeing this error for every user that is trying to use the website.

PortSwigger Agent | Last updated: Feb 23, 2015 10:21AM UTC

I'm not sure what you mean by "every user that is trying to use the website". You are seeing these errors in Burp when you try to proxy HTTPS, so you are the person affected, yes? Is this happening for any HTTPS website you visit, or just one/ some?

Burp User | Last updated: Feb 23, 2015 06:53PM UTC

It is happening for my application website. Other https websites are fine.

PortSwigger Agent | Last updated: Feb 24, 2015 08:51AM UTC

Ok thanks. It is possible that this is due to quirks in the Java SSL client. Some suggested solutions: - At Options / SSL / SSL Negotiation, disable all protocols and then enable each one on its own in turn, and see if you can connect to your site. - Try using a different version of Java (6 / 7 / 8).

| Last updated: Mar 08, 2015 08:27PM UTC

Hi Dafydd, This is Luca. This issue got escalated to me since it's affecting a considerable amount of folks. I'll send you an email soon, containing all details collected so far. Unfortunately, it seems a very nasty bug related to SSL session resumption. I would appreciate if you could take a look and provide guidance during the next days. Cheers, Luca

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.