Burp Suite User Forum

Login to post

Remote host terminated the handshake

William | Last updated: May 20, 2020 09:59AM UTC

I'm trying to proxy some communication for an app on iOS. Unfortunately the app in question errors out with "The client failed to negotiate a TLS connection to site[.]com:443: Remote host terminated the connection" I've followed https://portswigger.net/support/installing-burp-suites-ca-certificate-in-an-ios-device but it didn't fully solve my problem.

Hannah, PortSwigger Agent | Last updated: May 20, 2020 01:41PM UTC

Hi. Could you tell me the version of Burp Suite you are using, and whether you are using the platform version or the standalone JAR file?

William | Last updated: May 21, 2020 05:01AM UTC

Platform Version 2020.4.1 on macOS 10.14.6

Hannah, PortSwigger Agent | Last updated: May 21, 2020 07:18AM UTC

Could you try disabling TLSv1.3? You can do this by going to "Project options > TLS > TLS negotiation > Use custom protocols and ciphers > Uncheck TLSv1.3".

William | Last updated: May 21, 2020 07:51AM UTC

Hello Hannah, I disabled TLSv1.3 as recommended, but it is still failing with the same error.

Hannah, PortSwigger Agent | Last updated: May 21, 2020 08:18AM UTC

Hi William Could you try running Burp Suite with Java 14? You will likely need to re-enable TLSv1.3. You can check the version of Java that Burp Suite is currently using by going to "Help > Diagnostics". The default version provided with the platform version of v2020.4.1 is Java 13. Are you able to proxy any traffic from your mobile device?

William | Last updated: May 21, 2020 10:31AM UTC

Hello Hannah, I am able to proxy some of the traffic, but not for all apps. I tried it with AdoptOpenJDK 14, but the error is still the same. ``` »»»» java --version openjdk 14 2020-03-17 OpenJDK Runtime Environment AdoptOpenJDK (build 14+36) OpenJDK 64-Bit Server VM AdoptOpenJDK (build 14+36, mixed mode, sharing) »»»» java -jar "/Applications/Burp Suite Professional.app/Contents/java/app/burpsuite_pro.jar" Your JRE appears to be version 14 from AdoptOpenJDK Burp has not been fully tested on this platform and you may experience problems. WARNING: An illegal reflective access operation has occurred WARNING: Illegal reflective access by burp.dc (file:/Applications/Burp%20Suite%20Professional.app/Contents/java/app/burpsuite_pro.jar) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int) WARNING: Please consider reporting this to the maintainers of burp.dc WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations WARNING: All illegal access operations will be denied in a future release ```

Hannah, PortSwigger Agent | Last updated: May 22, 2020 07:47AM UTC

Have you tried using the mobile assistant or an appropriate extension? - https://portswigger.net/burp/documentation/desktop/tools/mobile-assistant - Brida, Burp to Frida bridge (https://portswigger.net/bappstore/2c0def96c5d44e159151b236de766892)

Manu | Last updated: Sep 30, 2021 05:54PM UTC

Hey Hannah, I am having the same issue. Here is my configuration. java.runtime.name OpenJDK Runtime Environment java.runtime.version 15.0.2+7-27 java.specification.name Java Platform API Specification java.specification.vendor Oracle Corporation java.specification.version 15 java.vendor Oracle Corporation java.vendor.url https://java.oracle.com/ java.vendor.url.bug https://bugreport.java.com/bugreport/ java.version 15.0.2 java.version.date 2021-01-19 java.vm.compressedOopsMode Zero based java.vm.info mixed mode java.vm.name OpenJDK 64-Bit Server VM java.vm.specification.name Java Virtual Machine Specification java.vm.specification.vendor Oracle Corporation java.vm.specification.version 15 java.vm.vendor Oracle Corporation java.vm.version 15.0.2+7-27 For mobile assistant the url suggests that we should have jailbreak iphone. So, does that mean that we cannot test ios app with normal iphone (without jailbreak)

Manu | Last updated: Sep 30, 2021 05:54PM UTC

Hey Hannah, I am having the same issue. Here is my configuration. java.runtime.name OpenJDK Runtime Environment java.runtime.version 15.0.2+7-27 java.specification.name Java Platform API Specification java.specification.vendor Oracle Corporation java.specification.version 15 java.vendor Oracle Corporation java.vendor.url https://java.oracle.com/ java.vendor.url.bug https://bugreport.java.com/bugreport/ java.version 15.0.2 java.version.date 2021-01-19 java.vm.compressedOopsMode Zero based java.vm.info mixed mode java.vm.name OpenJDK 64-Bit Server VM java.vm.specification.name Java Virtual Machine Specification java.vm.specification.vendor Oracle Corporation java.vm.specification.version 15 java.vm.vendor Oracle Corporation java.vm.version 15.0.2+7-27 For mobile assistant the url suggests that we should have jailbreak iphone. So, does that mean that we cannot test ios app with normal iphone (without jailbreak)

Hannah, PortSwigger Agent | Last updated: Oct 04, 2021 03:04PM UTC

Hi If simply proxying your mobile device is not getting the traffic you want, then you may need to use different methods. To use the mobile assistant, you will need to have a jailbroken device. To use the "Brida, Burp to Frida bridge" extension, you will need an iOS or Android device with the frida-server running on it (root privileges on the device required) or an application patched with Frida's Gadget (root privileges on the device not required).

You need to Log in to post a reply. Or register here, for free.