Research Academy
My account Customers About Blog Careers Legal Contact Resellers
The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTER DISCORD

Secure connection failed with proxy enabled

DBS | Last updated: Nov 05, 2023 03:07PM UTC

When I try to access sites with HSTS implemented I get this error: Secure connection failed An error occurred while connecting to www.google.com. The page you are trying to view cannot be displayed because the authenticity of the data received could not be verified. Contact the website owners to inform them of this problem. I had a previous error that I solved(https://forum.portswigger.net/thread/websites-with-hsts-implemented-dont-let-me-access-it-with-burpsuite-firefox-e30d0c89)and after solving it I get this error. The solution to the error I just mentioned was to install the burp cert as root in the system could this be related to the new error? I have to mention that this happens with proxy enabled

Ben, PortSwigger Agent | Last updated: Nov 06, 2023 12:20PM UTC

Hi Daniel, Just to clarify, this is happening for all HTTPS sites that you attempt to browse when proxying your traffic through Burp? Does this work if you take Burp out of the chain and simply use your vanilla browser without proxying your traffic? Are you using any software on your machine that might be performing SSL inspection (some anti-virus software will do this)?

DBS | Last updated: Nov 06, 2023 03:46PM UTC

Yes,it only happens with https websites when I proxy the traffic and no,when I don't use the proxy it works fine. I have eset antivirus,I tried disabling it and it still gives me the same error.

Ben, PortSwigger Agent | Last updated: Nov 07, 2023 12:19PM UTC

Hi, Are you absolutely sure that the entirety of ESET is disabled when you see this issue? Out of interest, if you use the embedded browser (available via the Proxy -> Intercept -> Open browser button within Burp) does this allow you to successfully proxy HTTPS sites?

DBS | Last updated: Nov 07, 2023 02:38PM UTC

Yes,I also disabled the Internet Protection and the PC protection of ESET after disabling ESET to be extra sure. Well I also have a problem with the embedded browser,when I open it and search for something,after searching it doesn't show me anything it just shows me a white space with the search bar above the white space

Ben, PortSwigger Agent | Last updated: Nov 08, 2023 08:27AM UTC

Hi, Are you able to provide us with a screenshot of what you see when you attempt to use the embedded browser (if it is easier to do this via email then please feel free to email us at support@portswigger.net and we can take a look from there)? In addition to this, are there any messages in the 'Event log' on the Dashboard tab of Burp when you attempt to browse to a site using the embedded browser? What you have described sounds suspiciously similar to the behaviour that we have seen in the past where ESET is interfering with the browser and the browser binary file needs to be whitelisted within ESET so it would be useful to see this exactly.

DBS | Last updated: Nov 08, 2023 02:39PM UTC

Hey, I just sent 2 emails to the email you gave (I forgot to send what appeared on the burp browser and I just sent the error)me if by any means you don't receive the email/can't find it I'm just going to leave the error below Type:Error Source:Proxy Message:[2] HTTP/2 stream error on 127.0.0.1:8080 - Flow control limits exceeded

DBS | Last updated: Nov 08, 2023 07:07PM UTC

Hello,I just solved the problem,the problem was in the HTTP/2. I had to remove http/2 support on the listener. Thanks for trying to solve my problem!

Dominyque, PortSwigger Agent | Last updated: Nov 09, 2023 07:42AM UTC