As an example, suppose you encounter a domain where you are not able to get your client device to negotiate SSL correctly. This should be obvious enough in the client, and Burp will also alert you:
To work around this problem, you can add the problematic server to Burp's SSL pass through list:
Requests to this server will now pass straight through Burp, and your client can connect in the normal way.
The option to automatically add entries to the SSL pass through list on client SSL negotiation failure can be useful if you aren't sure exactly which domains the application is using, and don't want to have to manually populate the list. If you enable this option, then if your client fails to negotiate SSL connections with any other servers, these will be automatically added to the list, and Burp will alert you:
It is not recommended to generally enable the automatic addition of pass through servers automatically, because if your client happens to encounter a one-off problem that causes it to fail an negotiation, then no further SSL connections to that host will be intercepted, until you remove the server from the pass through list.
1 comment:
At times, I will be testing a site and burp will crash. Happens. When I load up a new burp instance, and try to access that same site (HTTPS) Firefox will have problems verifying the identity, or even pulling down a certificate. So the "Add Exception" option is grayed out. Burp logs say "The client failed to negotiate an SSL connection to..." Very frustrating. TURN OFF CACHING on Firefox. I can't explain the details on this bug, however it solves the problem.
Post a Comment