Burp Suite User Forum

Login to post

We still cannot get the API to connect to Burp Suite Enterprise

Glenn | Last updated: Jun 07, 2021 01:04PM UTC

This is a continuation of two other posts dealing with the same error report from Burp Suite Enterprise. We have actually changed the Certificate we are using and still get exactly the same error response. Here is what we did, we got a new certificate, but this time from Digicert and I set it up as the certificate to use for Burp Suite Enterprise. Everything works fine using the Burp Suite website and using Postman to access the website via GraphQL. However, when I run a C# program against the GraphQL API I get an error complaining about the certificate. I have checked the TLS certificate store and the Digicert trust relations are in the store. The program I am running works just fine from my workstation, but we need to have this run from the server machine I am trying to have it run with. What information can I send you to try to get this problem solved? Thanks, Glenn

Glenn | Last updated: Jun 07, 2021 01:56PM UTC

I just put together a quick test that attempts to use the REST API to get scan results. It fails the same as the GraphQL test. Here is the source code that fails: using System; using System.IO; using Microsoft.Extensions.Configuration; using Microsoft.Extensions.Configuration.Json; using Newtonsoft.Json; using Newtonsoft.Json.Linq; using Newtonsoft.Json.Serialization; using Newtonsoft.Json.Converters; using RestSharp; namespace BurpSuiteRest { class Program { static public string RestUrl = "https://nj3bse1.mathematica.net:8079/api/9WjGYkGuyk1X9Zb3Ttbw6HJk4a1PDLFL/v0.1/scan/3120"; static void Main(string[] args) { var client = new RestClient(RestUrl); var response = client.Execute(new RestRequest()); string ret = response.Content; Console.WriteLine($"{ret}"); Console.ReadKey(); } } As you can see it all it does is tries to get the results of a previous scan. It works fine on my workstation but fails on the server machine.

Liam, PortSwigger Agent | Last updated: Jun 08, 2021 07:20AM UTC

Hi Glen Is this a continuation of this issue? - https://forum.portswigger.net/thread/i-am-having-a-problem-getting-a-graphql-call-to-be-processed-by-our-burp-suite-enterprise-a953216c

Glenn | Last updated: Jun 08, 2021 09:29AM UTC

Hi Liam, Yes it is. Glenn

Glenn | Last updated: Jun 08, 2021 12:14PM UTC

I just noticed something that may be causing the problem. We don't run Java at Mathematica unless we must. So we have it installed on the Burp Suite Enterprise server, but it was not installed on the server that cannot connect to to the BSE server. I am right now trying to see if I can install the CA certificates into the java keystore and if that might fix this problem.

Liam, PortSwigger Agent | Last updated: Jun 09, 2021 08:13AM UTC

Thanks for the update, Glenn. Let us know if that helps.

You need to Log in to post a reply. Or register here, for free.