Burp Suite User Forum

Create new post

Remote host connection closed during handshake

Garry | Last updated: Jan 18, 2018 06:57AM UTC

Hi , Burp is not intercepting traffic when I am accessing app via company n/w with proxy However, when I am connected to my home n/w ( no proxy) I am able to intercept in Burp. Can you please advise ASAP Rds, Garry

PortSwigger Agent | Last updated: Jan 18, 2018 08:30AM UTC

Hi Garry, Thanks for your message. It sounds like when you're on the company network you need to configure an Upstream Proxy within Burp. There's some information here: - https://support.portswigger.net/customer/portal/articles/2363078-burp-suite-options-upstream-proxy-servers Please let us know if you need any further assistance.

Burp User | Last updated: Jan 19, 2018 09:26AM UTC

I did configure the upstream proxy' but still it shows " Remote host closed connection during handshake" Below is the request sent to burp. Host name is removed GET / HTTP/1.1 Accept: text/html, application/xhtml+xml, image/jxr, */* Accept-Language: en-US User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Accept-Encoding: gzip, deflate Host: .......com Connection: close Cookie: COOKIE_SUPPORT=true Please advise

PortSwigger Agent | Last updated: Jan 19, 2018 09:55AM UTC

Hi Garry, First thing to establish is whether you can access any sites. Can you access: http://example.com/ https://portswigger.net/ It may be that you need to provide authentication details to your corporate proxy - which may be your desktop login details.

Burp User | Last updated: Jan 20, 2018 01:30PM UTC

Hi Paul , I able to access and intercept all the sites with corporate proxy set except our "intranet" site I have set Basic authentication details with upstream proxy set But no success. Can you at least tell me typical scenarios in which case this particular error appears ? I can think of one reason that is interception blocked by company firewall Regards, Garry

PortSwigger Agent | Last updated: Jan 22, 2018 08:23AM UTC

Hi Garry, Thanks for following up. It sounds like to access your Intranet site you need to have the corporate proxy turned off. You can configure this in Upstream Proxy Servers by creating two rules. The first is for the host name of your Intranet site with no proxy, the second with * and your proxy details set. If you have access to a machine with the proxy settings from before you configured Burp, read through these in detail. Many enterprise systems use a "Proxy auto config" file that specifies different proxies for different destinations. There are three main reasons for the error you describe: 1) The destination site doesn't work 2) A proxy is needed to access it 3) A firewall is blocking the connections Please let us know if you need any further assistance.

Burp User | Last updated: Jan 22, 2018 11:38AM UTC

Thanks Paul, Issue not resolved. Looks like the intranet site works without proxy hence interception possible without upstream proxy BTW - complete error was : javax.net.ssl.SSLException:Remote host closed connection during handshake. Anyways, this thread is closed now. Regards, Garry

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.