
I'm using BurpSuite to intercept the HTTP/HTTPS requests sent when logging in on https://www.nike.com/. I'm trying to achieve this with the following steps:

  1. Opening BurpSuite and Firefox

  2. Turning on the proxy intercept

  3. Turning on FoxyProxy on Firefox

  4. Opening the website and trying to log in

These steps usually work for me, but in this case, I'm getting a "we are unable to connect to our servers" error without anything appearing on the intercept tab when trying to log in (I have tried turning off the intercept feature but it still yields the same issue, so I think it might be a proxy and certificate problem).

To clear things up:

  • I'm running the latest versions of BurpSuite and Firefox.

  • I have installed and reinstalled the BurpSuite certificate using this guide.

  • I've tried all of this on my iMac, MacBook and iPhone; all of these devices yield the same issue.

Here below is the error message I'm getting: error message on the website

Here are my BurpSuite Proxy settings: proxy settings

(in the Certificate tab I just have Generate CA-signed per-host certificates selected)

I have been using BurpSuite for over 2 years now and it's the first time I'm facing such an issue; any help is appreciated.


I have shared my question with PortSwigger support (the team behind BurpSuite) and got the following response:

Hi

Thanks for your message.

We have reproduced the issue in our testing environment.

It looks like Nike.com are performing a fairly sophisticated check to stop automated tools from accessing parts of their site. Please let us know if you need any further assistance.

Cheers

Liam Tai-Hogan

PortSwigger Web Security

Fozoro
  • Just tested, on a normal environment everything should work. Maybe the website's servers were down? – Raimonds Liepiņš Jul 29 '19 at 08:57
  • @RaimondsLiepiņš Thank you very much for your reply! Have you tried logging in by clicking "NikePlus Join / Log In To NikePlus Account" in the top right corner? (Feel free to enter a random email and random password.) If you have already tried this, may I ask what browser you are using? I have tried using Firefox and Safari (on iOS) and it yields the same problem. – Fozoro Jul 29 '19 at 09:07
  • As an aside, is there any kind of opsec consideration that you should be applying to this question? –  Jul 29 '19 at 09:58
  • @Fozoro I tried it on Mozilla Firefox – Raimonds Liepiņš Jul 29 '19 at 14:20
  • @RaimondsLiepiņš I have been on this problem for over 7 hours and still haven't found a solution. Do you have any idea what I could possibly do? Here are some additional pictures of my configuration (imgur.com/a/tNjv25e) – Fozoro Jul 29 '19 at 14:21
  • @Fozoro Everything seems to be correct regarding the configuration. Potentially could try looking elsewhere. – Raimonds Liepiņš Jul 29 '19 at 14:24
  • by the way, I'm not getting the following error messages: https://imgur.com/a/4ukGzcu – Fozoro Jul 29 '19 at 14:27
  • Are you using the right Java version? Check under Help > Diagnostics. It should say Java 8 or 1.8, not Java 11. – Sjoerd Aug 05 '19 at 07:50
  • @Sjoerd Hey, thanks for your comment. I just checked the Java version and it seems that I'm on Java 11.0.2 (https://imgur.com/a/VAEzp5h). Is this the issue? I have contacted the team behind BurpSuite and they told me that it was linked with the security of the website itself. Thank you very much for your help in advance. – Fozoro Aug 05 '19 at 08:42
  • Apparently, OpenJDK 11 is recommended for Burp 2. I have had SSL problems with Oracle JRE 11. – Sjoerd Aug 05 '19 at 09:07
  • @Sjoerd Thanks for your response, so do you have any suggestions? – Fozoro Aug 05 '19 at 11:07
  • Have you tried a different sniffing tool like Fiddler? Are there still the same problems? Just to determine if Burp (or maybe Java) is really causing that problem. – Awaaaaarghhh Aug 08 '19 at 15:08
  • @Awaaaaarghhh Yes I have tried using Charles Proxy and got the same issue – Fozoro Aug 08 '19 at 17:48

2 Answers

This problem comes from the configuration of unite.nike.com, which is the domain used to log users in. The server replies with a 403 Forbidden response, so the AJAX request fails, and the site displays the "An error occurred" message.

This domain is protected by Akamai, and it seems to have a very strict security configuration to detect MitM / bots: I can't manage to perform a cURL request against it, so this is not a traffic interception issue.

My guess is that the server is detecting a browser-specific fingerprint, though I haven't figured out which one exactly yet.


The Burp Suite team needs to fix their proxy, since it should be as transparent as possible for a remote server.

Since the Postman extension doesn't have any trouble fetching the page, any browser extension capable of traffic interception should work, since all its requests will be done in a browser environment, likely to preserve the fingerprints which are detected by the server.

Benoit Esnard
  • Thank you very much for your answer. I have noticed that this problem might be solved by using invisible proxying (I just have a bit of trouble implementing it properly as I can’t listen to the port 443 through BurpSuite). If you are familiar with invisible proxying this might be the solution. Thanks for your help in advance – Fozoro Aug 10 '19 at 05:49
  • @Fozoro: Unfortunately I'm not sure how invisible proxying would help here, since it would still remove the browser-specific fingerprints. – Benoit Esnard Aug 12 '19 at 09:19
  • That's a fair point. Do you have an idea on how I can not remove the fingerprint? – Fozoro Aug 12 '19 at 09:30
  • @Fozoro: I would just wait for Burp Proxy authors to fix their proxy. As you can see [in that research](https://jhalderm.com/pub/papers/interception-ndss17.pdf), there are a lot of technical details which can be detected. You can also try other proxies to find which ones aren't detected. – Benoit Esnard Aug 12 '19 at 09:37
  • Thank you very much for your quick reply. Based on BurpSuite's reply (that I included in my question), they told me that it’s more of an issue with Nike than with BurpSuite (so I’m not sure if they are planning to fix it any time soon). I would also like to add that I was able to intercept using Postman (but I really don’t like the program). What do you mean by using “other proxies”? – Fozoro Aug 12 '19 at 09:44
  • @Fozoro It's definitively a bug in Burp Proxy if it can be detected by a webserver in my opinion, so I guess they'll fix it. – Benoit Esnard Aug 12 '19 at 18:40
  • @Fozoro: Were you using the Postman extension, or the Postman app? The first one works in a browser environment, so it should keep the browser fingerprints! I'm not sure how the second one is built, if I remember correctly it's an Electron app so it's kinda a Chrome-like extension I guess? – Benoit Esnard Aug 12 '19 at 18:42
  • Yes I was using the extension! – Fozoro Aug 12 '19 at 18:43
  • @Fozoro: I guess all traffic interception extensions should work then! I can't recommend a specific one, but feel free to search which ones you might like. :) – Benoit Esnard Aug 12 '19 at 19:23
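
The answer above guesses that the server keys on a browser-specific fingerprint, and the research linked in its comments describes spotting interception from a mismatch between the browser named in the User-Agent header and the TLS ClientHello that actually arrives. A sketch of that server-side check follows, as an added example that is not part of the original post and not the site's actual logic; `PROFILES`, `check_request`, the profile values and the sample handshakes are constructed for illustration.

```python
import struct

GREASE = {0x0A0A + 0x1010 * i for i in range(16)}  # RFC 8701 placeholder values

def parse_client_hello(record: bytes):
    """Return (cipher_suites, extension_types) seen in one TLS ClientHello record."""
    try:
        if record[0] != 0x16 or record[5] != 0x01:
            raise ValueError("not a handshake record carrying a ClientHello")
        pos = 5 + 4 + 2 + 32              # record hdr, handshake hdr, version, random
        pos += 1 + record[pos]            # skip session_id
        (n,) = struct.unpack_from("!H", record, pos)
        ciphers = struct.unpack_from(f"!{n // 2}H", record, pos + 2)
        pos += 2 + n
        pos += 1 + record[pos]            # skip compression_methods
        exts = []
        if pos < len(record):             # the extensions block is optional
            (total,) = struct.unpack_from("!H", record, pos)
            pos, end = pos + 2, pos + 2 + total
            while pos + 4 <= end:
                etype, elen = struct.unpack_from("!HH", record, pos)
                exts.append(etype)
                pos += 4 + elen
    except (IndexError, struct.error) as exc:
        raise ValueError("truncated ClientHello") from exc
    keep = lambda xs: tuple(x for x in xs if x not in GREASE)
    return keep(ciphers), keep(exts)

def build_client_hello(ciphers, exts):
    """Constructed sample input: minimal ClientHello with empty extension bodies."""
    body = b"\x03\x03" + bytes(32) + b"\x00"  # version, random, empty session_id
    body += struct.pack(f"!H{len(ciphers)}H", 2 * len(ciphers), *ciphers)
    ext = b"".join(struct.pack("!HH", e, 0) for e in exts)
    body += b"\x01\x00" + struct.pack("!H", len(ext)) + ext
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

# Constructed profile for illustration, NOT a measured browser fingerprint.
PROFILES = {"Firefox": ((0x1301, 0x1303, 0x1302, 0xC02B), (0, 23, 65281, 10, 11, 16, 43))}

def check_request(user_agent: str, record: bytes) -> str:
    """Compare the handshake that arrived with the profile the User-Agent implies."""
    family = next((f for f in PROFILES if f in user_agent), None)
    if family is None:
        return "unknown-client"
    try:
        return "consistent" if parse_client_hello(record) == PROFILES[family] else "mismatch"
    except ValueError:
        return "malformed"
```

A proxy that terminates TLS and opens its own connection upstream forwards the browser's User-Agent unchanged but presents its own TLS stack's cipher and extension ordering, which is the case that returns `mismatch`.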

"Error network is unreachable (connect failed)": this is an error generated when I dropped the internet connection feeding Burp, which was listening on port 8080 and correctly configured in the browser.

Error provided: "An error occured we are unable to connect our servers right now. Please try again later." It seems that this may be an error that was generated by Nike itself, because if it was Burp, it would look like the above. I think that it has nothing to do with Burp nor Firefox; also there is some information missing here to reproduce it (that would make this question unclear).

Anyway, both errors do have a similar status, above the fact that I don't know the errno of the error you gave, irrespective of how both errors were triggered, but as said I think Burp has nothing to do with this problem.

  • Thank you very much for your answer, I’ll try using a different computer today. Is there any additional information I can provide? The funny thing is that when I stop using the BurpSuite proxy the login works perfectly. It stops working when I use the BurpSuite proxy. Do you have a clue on how I can solve this? – Fozoro Jul 29 '19 at 12:17
  • Can you add technical details like current config in burp etc? –  Jul 29 '19 at 12:21
  • Thank you for the quick reply, here are a couple of photos (https://imgur.com/a/tNjv25e) of the configurations I'm using (do tell me If there are other configurations you want to see). Thanks for your help in advance – Fozoro Jul 29 '19 at 12:37
  • I just tested this out on another computer and I face the same error as before – Fozoro Jul 29 '19 at 13:20
  • I never faced this before, but it can help to reset "Intercept Client Requests" in the Proxy tab then "Options", if it works note that in the question. –  Jul 29 '19 at 13:28
  • Thanks for your reply, are you talking about Restore Defaults (as seen on this image: https://imgur.com/a/Hu5hOdI)? If so I've clicked on it and it seems that the settings that I had before were already the default ones? Yeah, all of this is extremely strange, I never faced anything similar to this myself. Are you getting the same issue as me? And what else could I do? Many thanks for your help – Fozoro Jul 29 '19 at 13:40
  • Try an older version of Firefox (for preference 8.0). If you want to intercept HTTPS traffic, enable an SSL proxy in the browser on port 8080, install the Burp cert in the browser, restore defaults in Burp and restart Burp & Firefox. –  Jul 29 '19 at 13:54
  • Thanks for the advice, I'll try it out right away. What will using an older version of Firefox do? Wasn't Firefox 8 launched in like 2005? – Fozoro Jul 29 '19 at 14:07
  • I've added an SSL proxy as you suggested and also decided to change the proxy settings of firefox itself rather than using FoxyProxy and now I'm getting this error message (https://imgur.com/a/4ukGzcu) inside of Burpsuite. The error on the website itself remains the same. – Fozoro Jul 29 '19 at 14:24
  • @Fozoro That was unexpected saying this remotely, however if all else fails, the information provided here can you send to support@portswigger.net, they will probably know more how to handle this. –  Jul 29 '19 at 15:01