0

I'm trying to intercept a mobile traffic of an android app I built using burp suite. I connect the mobile device to burp proxy, and install the CA. But I get a protocol error message, and couldn't see the traffic at the Proxy tab.

1563960835366 Error Proxy [389] The client failed to negotiate an SSL connection to galon.io:443: The client supported protocol versions [TLSv1.3, (D)TLS--5.26] are not accepted by server preferences [TLS12, TLS11, TLS10, SSL30, SSL20Hello]

I use burp suite community edition on a osx and downloaded the latest dmg file (version 2.1.01). And marked the TLSv1.2 in the Project options->SSL tab (in the tab: SSL Negotiation->SSL Protocols).

I would appreciate any help.

Nirgn
  • 101
  • 3
  • 1
    Your are attempting to use client software that only supports TLSv1.3 which is higher than the maximum version the server is offering and datagram TLS which the server here doesn't support at all. This is your problem you will either need to reconfigure the client to support TLSv1.2 if possible or configure the server to support TLSv1.3 negotiation will simply fail unless both declare at least one supported protocol in common. Of course the means to do this will be software specific so I would suggest consulting the documentation for your client and server software to determine how to do this. – MttJocy Jul 24 '19 at 10:37
  • But how do I tell Burp suite to use TLSv1.2? As I said, I marked it in `Project options`->`SSL` tab. What else am I missing? – Nirgn Jul 24 '19 at 11:41
  • Your server is using TLSv1.2 I presume that is burp suite right since you mentioned that you have that running on an OSX host and are trying to capture traffic from a mobile device. It's the client side which I presume is the mobile device you mention that is not supporting TLSv1.2 honestly if you want anyone to be able to help further here you should really edit your question and give a more complete description of your mobile setup (OS, device, apps you are trying to capture etc). Seems since burb suites proxy doesn't support v1.3 on it's client interface downgrading the client is the key. – MttJocy Jul 24 '19 at 11:53
  • According to https://support.portswigger.net/customer/portal/questions/17566283-enable-tlsv1-3-support as of May "TLS1.3 ... is disabled betwen the browser [which here includes other clients] and Burp, this is due to some errors encountered during testing." @MttJocy: in order to see and report a _list_ of client versions including an invalid/GREASE one, as Burp did, it must be using 1.3-capable JSSE in Java11+, but the list of preferences as shown excludes 1.3 so it refuses the request. – dave_thompson_085 Jul 25 '19 at 05:51
  • @dave_thompson_085 Fair point, I did come across that myself later which is why I suggested the OP give more information on the client side so that we could see whether getting the client to downgrade it's request and accept TLSv1.2 is a possibility that's what I was hinting at in my last comment but was running low on chars. – MttJocy Jul 25 '19 at 08:21

0 Answers0