Software Integrity

 

BURP’s proxy tool and the case of the missing cipher suites

During a recent iOS application penetration test, I was attempting to proxy network traffic using the BURP proxy tool. In doing so, I configured my device to use BURP as a proxy, and voilà, I was able to see the traffic (oh, the joys of certificate pinning).

However, my excitement was short-lived. I noticed that I wasn’t receiving responses from the application server. Additionally, the “Alert” tab within the application continuously displayed a message reading, “Failed to connect to bogusdomain.com.” What was going on?

Troubleshooting the issue

Not quite sure how to proceed, I consulted my old friend, Google. In searching “troubleshoot BURP failed to connect,” I received thousands of issues in my search results. As I began sorting through several of the issues, I stumbled across one that read “BURP proxy tool missing cipher suites.”

Upon clicking, I immediately opened my BURP application, navigating to the SSL selection within the “Project Options” tab. There, I noticed that several of the cipher suites were listed along with the TLS/SSL protocols that are supported by BURP.

Discovering enabled cipher suites

To get a better idea of the cipher suites supported by the application server, I ran a basic sslscan scan to test the client’s server. I noticed that only the following cipher suites were enabled within the application.

[Figure: Cipher suites supported by bogusdomain.com]

Within the BURP application, I noticed that these cipher suites were missing from the supported SSL ciphers. What does this mean? Well, it turns out that these cipher suites are subject to U.S. export restrictions. Additionally, they’re not distributed with the standard Java runtime environment (JRE).

Resolving the issue

To resolve the issue, first navigate to the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files and download the associated zip file. Unzip the file and copy its contents. Next, navigate to the directory in which you installed BURP. Paste the contents into /BurpSuitePro/jre/lib/security. Close the BURP application and restart the computer.

Now you should be able to proxy the traffic normally.
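To confirm the diagnosis before and after copying the policy files, the following added example (not code from the original post or from BURP) asks a JRE whether it is running under the limited-strength policy and whether it supports the suites the server requires. The class name JceCheck and the suite names are assumptions: the post's own suite list did not survive, so the names below are constructed samples to be replaced with what sslscan reports.

```java
import java.util.Arrays;
import java.util.LinkedHashSet;
import java.util.Set;
import javax.crypto.Cipher;
import javax.net.ssl.SSLContext;

// Added example: checks the JRE it runs under, so run it with the JRE BURP uses.
public class JceCheck {
    // Constructed sample input, not the post's list. sslscan prints OpenSSL
    // names; JSSE expects the IANA-style names used here.
    static final String[] SERVER_SUITES = {
        "TLS_RSA_WITH_AES_256_CBC_SHA",
        "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
        "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"
    };

    public static void main(String[] args) throws Exception {
        // Suite names may also be passed on the command line.
        String[] wanted = args.length > 0 ? args : SERVER_SUITES;

        // 128 indicates the limited-strength policy files are in effect;
        // Integer.MAX_VALUE indicates the unlimited-strength policy.
        int maxAes = Cipher.getMaxAllowedKeyLength("AES");
        System.out.println("java.home          : " + System.getProperty("java.home"));
        System.out.println("max AES key length : "
                + (maxAes == Integer.MAX_VALUE ? "unlimited" : maxAes + " bits"));

        // Every suite this JRE's default TLS provider is able to negotiate.
        Set<String> supported = new LinkedHashSet<>(Arrays.asList(
                SSLContext.getDefault().getSupportedSSLParameters().getCipherSuites()));

        int usable = 0;
        for (String suite : wanted) {
            boolean ok = supported.contains(suite);
            if (ok) {
                usable++;
            }
            System.out.printf("%-42s %s%n", suite, ok ? "supported" : "MISSING");
        }

        // No overlap means the handshake cannot complete, which is the
        // "Failed to connect" symptom described in the post.
        if (usable == 0) {
            System.out.println("No shared cipher suite: install the JCE policy files for this JRE.");
            System.exit(1);
        }
    }
}
```

Compile and run it with the JRE under the BURP install directory rather than the system Java, since the policy files are per-JRE.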
