zzz

Reputation: 517

client failed to negotiate an ssl connection : no cipher suites in common -- burp suite

Unable to tamper with HTTPS requests using Burp Suite after importing the PortSwigger certificate. It gives an alert 'client failed to negotiate an ssl connection : no cipher suites in common', whereas it works fine for HTTP requests. I have tried Internet Explorer, Chrome, Mozilla and Java 7 and 8 but did not succeed in tampering with the request.

Upvotes: 2

Views: 21040

Answers (3)

Ender

Reputation: 845

In your case, have you tried to download the cert from http://burp and import it? If it does not work, try to import/export the CA certificate (Burp -> Proxy -> Options -> import/export CA certificate -> save) and import it back into your browser.

With Android, since the "traditional" way of installing a user certificate doesn't work anymore in Nougat and above, for me the easiest solution is to install the Burp CA to the system trusted certificates. You can see all the system CAs that are bundled with an Android device by going to Settings -> Security -> Trusted Credentials and viewing system CAs. You'll see CAs similar to those you'd see in a browser bundle. Trusted CAs for Android are stored in a special format in /system/etc/security/cacerts. If we have root privileges, it's possible to write to this location and drop in the Burp CA (after some modification).

The precise steps to generate and import the CA are here:

Upvotes: 2

Suraj Sonawane

Reputation: 2494

I have solved that issue using the technique below:

  1. Open Burp Suite

  2. Can you see the Proxy tab?

    2.1 Then click on the Options tab

    2.2 Check for SSL Pass Through in the page listing below

  3. Add your host and port number in the dialogue.

Cheers...!!! You are ready to go.

Upvotes: -2

Savan Gadhiya

Reputation: 305

You need to check the SSL-related configuration (Project Options > SSL).

  • The default is "Use the default protocols and ciphers of your Java Installation".
  • You can change it to "Use custom protocols and ciphers". Check the supported ciphers for the host you want to test using SSLScan and configure the same.
  • In case it still does not work, you can select "Allow unsafe renegotiation". (Once you are done with testing, you can revert to the default settings.)

Upvotes: 3
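The check described in the last answer, as an added example that is not part of any answer above and is not Burp or SSLScan code: it parses the cipher section of SSLScan output and reports, per protocol, which of the server's suites a client also enables. The sample output is constructed and its layout is an assumption about what sslscan prints; the names are OpenSSL-style, so the local OpenSSL list stands in for the client, and Burp's own list (Java suite names) has to be matched by hand.

```python
import re
import ssl

# Constructed sample, in the layout sslscan is assumed to print under
# "Supported Server Cipher(s)". Not output from a real host.
SAMPLE_SSLSCAN = """\
  Supported Server Cipher(s):
Preferred TLSv1.2  256 bits  ECDHE-RSA-AES256-GCM-SHA384   Curve P-256 DHE 256
Accepted  TLSv1.2  128 bits  ECDHE-RSA-AES128-GCM-SHA256   Curve P-256 DHE 256
Accepted  TLSv1.2  256 bits  AES256-SHA
Preferred TLSv1.0  256 bits  AES256-SHA
Accepted  TLSv1.0  112 bits  DES-CBC3-SHA
"""

CIPHER_LINE = re.compile(r"^(Preferred|Accepted)\s+(\S+)\s+(\d+)\s+bits\s+(\S+)")


def parse_sslscan(text):
    """Return {protocol: [cipher, ...]} in the order the server listed them."""
    offered = {}
    for line in text.splitlines():
        m = CIPHER_LINE.match(line.strip())
        if m:
            offered.setdefault(m.group(2), []).append(m.group(4))
    return offered


def local_openssl_ciphers():
    """OpenSSL names of the suites a default client context enables here.
    Stand-in only: Burp uses the Java runtime's list, not OpenSSL's."""
    return {c["name"] for c in ssl.create_default_context().get_ciphers()}


def overlap(offered, client_ciphers):
    """Per protocol, the server suites the client also enables.
    An empty list is the 'no cipher suites in common' condition."""
    return {proto: [c for c in names if c in client_ciphers]
            for proto, names in offered.items()}


if __name__ == "__main__":
    offered = parse_sslscan(SAMPLE_SSLSCAN)
    for proto, shared in overlap(offered, local_openssl_ciphers()).items():
        print(f"{proto}: {', '.join(shared) or 'NO CIPHER SUITES IN COMMON'}")
```

A protocol that reports no overlap is the one to look at in the custom protocols and ciphers setting.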
