Burp Suite User Forum

TLS 1.2

Smith | Last updated: Jan 08, 2018 08:27PM UTC

Hi All, that's my first post on Burp forum! :) I'm here for a noble cause I guess: trying to give TLS 1.2 support to the glorious (and mistreated) Windows XP. It seems in fact the only way to do that is to configure the system proxy, and Burp Proxy seems very good at that... ;)

Unfortunately there is a problem: it all works only when HTTP/S Responses come within seconds. If the Response delays too much, more than half min or so, the relative client goes into timeout, drops the communication and aborts with error. That happens usually when Burp gets busy in waiting for the internet site (very slow) or when the Response is indeed a big file to dl.

I have been wandering in your forum, where I guess I understood, the only way to workaround that is by an "extension". So to be clear I will come straight to the point, and explain exactly what is the workaround I want to do, with a real-life example. When Burp Proxy receives such a HTTPS Request

    https://download.skype.com:443

    GET /msi/SkypeSetup_7.40.0.104.msi HTTP/1.1
    User-Agent: NSIS_Inetc (Mozilla)
    Host: download.skype.com
    Connection: close
    Cache-Control: no-cache

Then Burp detects the filename and triggers a different behavior: it does NOT open a new connection upstream, but instead it builds a new Response header such as:

    HTTP/1.1 200 OK
    Content-Length: 45522944
    Content-Type: application/octet-stream
    Content-MD5: 5T+nTDSkNyPrzKr/tzEyRw==
    Last-Modified: Sat, 21 Oct 2017 14:13:44 GMT
    ETag: 0x8D5188DF08F22FF
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: 0ce7bea1-001e-00a9-0e82-511584000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Cache-Control: max-age=86400
    Date: Mon, 08 Jan 2018 02:01:34 GMT
    Connection: close

And then loads the body binary content from a local file (somewhere on local media) called "SkypeSetup_7.40.0.104.msi", appends it to the header Response, and sends all straight to the client.

Since I have no experience in Burp "extension", and my programming skills are limited, my question is:

- Is there a public Burp "extension", which already does something similar, so I can copy it and modify it myself (to make this workaround)?

Thanks

PortSwigger Agent | Last updated: Jan 09, 2018 10:56AM UTC

Hi, Thanks for your message. Burp is probably not the best tool for providing TLS 1.2 support to Windows XP clients. It's more intended for testing and debugging, and you're likely to encounter all sorts of problems using it like you are. Regarding your extension request, I believe this would be possible using the Burp Extender API. However, I'm not aware of an extension that currently does this.

Burp User | Last updated: Jan 09, 2018 11:58AM UTC

Hi, thank you for your answer :) I'm definitely able to do some Java programming, such as building a custom string as Response header, load an external bin file, and append it as body to the header. What I'm NOT able to do is, to trigger Burp Proxy to detect the filename pattern in the client Request, and then how to send the new header+body back to the client as Response. Can someone please send me a backbone of the method needed to catch the incoming string Request, and the method needed to send the custom Response back? Thanks

PortSwigger Agent | Last updated: Jan 09, 2018 12:04PM UTC

Hi, You can hook a proxy message by creating an IProxyListener and registering it. Inside processProxyMessage() you can't immediately return a response. But you can modify the incoming message and redirect it to a local web service. Your extension can run a local HTTP server and return the responses you want. While not the most elegant solution, this does work.
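
The approach described in this reply, as an added example (not code from PortSwigger or from the thread's participants), using the legacy Burp Extender API and the JDK's built-in com.sun.net.httpserver. The loopback port 8099, the directory C:\burp-cache and the .msi match are assumptions made for illustration.

```java
package burp;

import com.sun.net.httpserver.HttpServer;
import java.io.*;
import java.net.InetSocketAddress;
import java.nio.file.*;

public class BurpExtender implements IBurpExtender, IProxyListener, IExtensionStateListener {
    // Assumed values for this example: loopback port and local download directory.
    private static final int LOCAL_PORT = 8099;
    private static final Path CACHE_DIR = Paths.get("C:\\burp-cache");
    private IExtensionHelpers helpers;
    private HttpServer server;

    public void registerExtenderCallbacks(IBurpExtenderCallbacks callbacks) {
        helpers = callbacks.getHelpers();
        try { // bind to loopback only so other hosts cannot reach the file server
            server = HttpServer.create(new InetSocketAddress("127.0.0.1", LOCAL_PORT), 0);
        } catch (IOException e) {
            throw new IllegalStateException("cannot start local server", e);
        }
        server.createContext("/", exchange -> {
            String path = exchange.getRequestURI().getPath();
            String name = path.substring(path.lastIndexOf('/') + 1);
            // Allow-list the file name so separators or ".." cannot escape CACHE_DIR.
            if (!name.matches("(?i)[a-z0-9._-]+\\.msi") || !Files.isRegularFile(CACHE_DIR.resolve(name))) {
                exchange.sendResponseHeaders(404, -1);
                exchange.close();
                return;
            }
            exchange.getResponseHeaders().set("Content-Type", "application/octet-stream");
            exchange.sendResponseHeaders(200, Files.size(CACHE_DIR.resolve(name)));
            try (OutputStream out = exchange.getResponseBody()) {
                Files.copy(CACHE_DIR.resolve(name), out);
            }
        });
        server.start();
        callbacks.registerProxyListener(this);
        callbacks.registerExtensionStateListener(this);
    }

    public void processProxyMessage(boolean messageIsRequest, IInterceptedProxyMessage message) {
        if (!messageIsRequest) return;
        String path = helpers.analyzeRequest(message.getMessageInfo()).getUrl().getPath();
        if (path.toLowerCase().endsWith(".msi")) {
            // Retarget the request at the local server (plain HTTP) instead of the upstream site.
            message.getMessageInfo().setHttpService(helpers.buildHttpService("127.0.0.1", LOCAL_PORT, false));
        }
    }

    public void extensionUnloaded() { server.stop(0); } // release the port on unload
}
```

The client receives whatever sits in the cache directory with no upstream TLS check behind it, so verify each installer's hash or signature before placing it there.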

Burp User | Last updated: Jan 09, 2018 11:48PM UTC

Hi Paul, all perfectly clear, thank you :) Programming a dedicated HTTP/S server in Java for the sole purpose to feed TLS 1.2 on XP, was actually my original project. Then I thought, why I'm wasting my time in doing something new, when there is already my buddy Burp doing this much better already..? ;) The Burp version I'm still using (proudly!) is the 1.4, which didn't have a mature "extensions" support indeed. But after 7 years, I would have absolutely bet, the newest version of Burp had this feature finally... well, you can never say the things of life, isn't it :) Thanks
