jruby SSLSocket error
I'm currently developing the Dradis Framework Burp extension (https://github.com/dradis/burp-dradis/) and I'm encountering an error when the extension is trying to POST to the Dradis Pro server using HTTPS:
"/Users/aaron/Downloads/jruby-complete-1.7.26.jar!/META-INF/jruby.home/lib/ruby/1.9/net/http.rb:800:in `connect'", "org/jruby/ext/timeout/Timeout.java:98:in `timeout'",
"<script>:483:in `create_dradis_issue'","<script>:561:in `send_to_dradis_menu_handler'", "<script>:105:in `createMenuItems'", "org/jruby/gen/InterfaceImpl550592149.gen:13:in `actionPerformed'"]
But, when I run an external ruby script compiled with jruby (https://gist.github.com/aapomm/8f5206ac6f6a34af3a4a76a48f2ee98a), it POSTs successfully to the server. Any ideas?
I'm using Burp Suite Free Edition 1.7.16 and jruby-complete-1.7.26.
Burp team, can you spot what are we missing in our extension code? As far as I can tell we're using the same code that in the Gist Aaron posted, with VERIFY_NONE and everything:
Which works when run directly through Java + JRuby, but now when run inside the Burp extension.
We've banged our heads against this for a while and any pointers or clues would be really appreciated.
I’m afraid my Ruby fu is weak and I don’t really have any ideas after looking at your code.
If you’re making your own HTTP requests outside of the Burp API, then we wouldn’t expect the presence of Burp to make a difference, but evidently it is.
Would it be feasible to make your requests to the Dradis endpoint via the Burp API, so that Burp ensures that SSL trust is not enforced?
For reference, here's the relevant code: https://github.com/dradis/burp-dradis/blob/master/burp-dradis.rb#L395