5

I am conducting web application pentest in which all the traffic will go through BurpSuite. In addition, SOCKS proxy is used so all the requests are sending out from a fix company IP address.

However, I encounter a problem recently. Some specific website fail to load when proxy through Burp, just keep on connecting. The website loads completely fine when no proxy in use. I don't think the website has block my company's IP address from accessing because my colleagues are able to access to the site.

So what's preventing me from accessing? Will it be MAC address?

Attached the output from Burp's alert tab. Output from Burp's alert tab

Traveller
  • 103
  • 1
  • 2
  • 8
  • 5
    Are these websites HTTP or HTTPS? If it is HTTPS, HSTS and certificate pinning might prevent you from MiTM-ing the connection. – void_in Jan 13 '16 at 08:34
  • Yes, they are HTTPS. Thanks for pointing me to the right direction. Will do a read up on this. – Traveller Jan 13 '16 at 09:33
  • 1
    You could try settings your browser to use the SOCKS proxy without burp to see if there are any helpful errors generated, which might give you some more info. Also if you put a note of the SSH command your using to do the SOCKS proxying (I'm assuming here that's what you're doing..) that could be useful – Rory McCune Feb 13 '16 at 17:12

2 Answers2

1

As void_in said, it can be HSTS or HPKP. You can bypass those by disabling browser security.

$ google-chrome --disable-web-security --ignore-certificate-errors
user1285245
  • 111
  • 1
0

Likely, more information is needed to properly answer. You could, however, add the site you are trying to access to the SSL Pass Through list in the Burp proxy options. This has the consequence of losing the ability to inspect request and response in Burp, but it will let you access the site while still using the burp proxy. You can read more about Burp's SSL Pass Through feature here:

PortSwigger Web Security Blog - SSL Pass Through

The SSL Pass Through options can be found under the Proxy > Options tab.

Based on your Alerts tab output, you may have to further alter the SSL settings in Burp under the Options > SSL tab. You can try enabling protocols and ciphers that are not currently enabled, or changing the options in the SSL Negotiation Workarounds section.

Jason Higgins
  • 647
  • 4
  • 8
  • Thanks Jason. I can't find the SSL Pass Through feature in Burp though. I have included the output received in Burp's Alerts tab. It says "Attempting to auto-select SSL parameters for www.example.com" but never get back after that. – Traveller Jan 14 '16 at 03:35
  • I have edited my answer. – Jason Higgins Jan 14 '16 at 15:33
  • I have tried the above suggestion but still not working. I found that it's got something to do with SOCKS proxy. Traffic will go through Burp when SOCKS proxy is not in used. So I guess it is not the problem of Burp perhaps? – Traveller Jan 15 '16 at 06:17
  • This sounds like the case. I will leave my answer as is in case it is found useful by anyone else with SSL issues. – Jason Higgins Jan 15 '16 at 17:55