Support Center

Burp Community

See what our users are saying about Burp Suite:

How do I?

New Post View All

Feature Requests

New Post View All

Burp Extensions

New Post View All

Bug Reports

New Post View All
Documentation

Burp Suite Documentation

Take a look at our Documentation section for full details about every Burp Suite tool, function and configuration option.

Full Documentation Contents Burp Projects
Suite Functions Burp Tools
Options Using Burp Suite
Extensibility

Burp Extender

Burp Extender lets you extend the functionality of Burp Suite in numerous ways.

Extensions can be written in Java, Python or Ruby.

API documentation Writing your first Burp Suite extension
Sample extensions View community discussions about Extensibility
Name is required.
Email address is required.
Invalid email address
Answer is required.
Exceeding max length of 5KB

jruby SSLSocket error

Aaron Manaloto Jan 25, 2017 08:42AM UTC

I'm currently developing the Dradis Framework Burp extension (https://github.com/dradis/burp-dradis/) and I'm encountering an error when the extension is trying to POST to the Dradis Pro server using HTTPS:

["org/jruby/ext/openssl/SSLSocket.java:215:in `connect'",
"/Users/aaron/Downloads/jruby-complete-1.7.26.jar!/META-INF/jruby.home/lib/ruby/1.9/net/http.rb:800:in `connect'", "org/jruby/ext/timeout/Timeout.java:98:in `timeout'",
"/Users/aaron/Downloads/jruby-complete-1.7.26.jar!/META-INF/jruby.home/lib/ruby/1.9/net/http.rb:800:in `connect'",
"/Users/aaron/Downloads/jruby-complete-1.7.26.jar!/META-INF/jruby.home/lib/ruby/1.9/net/http.rb:756:in `do_start'",
"/Users/aaron/Downloads/jruby-complete-1.7.26.jar!/META-INF/jruby.home/lib/ruby/1.9/net/http.rb:745:in `start'",
"/Users/aaron/Downloads/jruby-complete-1.7.26.jar!/META-INF/jruby.home/lib/ruby/1.9/net/http.rb:1293:in `request'",
"<script>:483:in `create_dradis_issue'","<script>:561:in `send_to_dradis_menu_handler'", "<script>:105:in `createMenuItems'", "org/jruby/gen/InterfaceImpl550592149.gen:13:in `actionPerformed'"]

But, when I run an external ruby script compiled with jruby (https://gist.github.com/aapomm/8f5206ac6f6a34af3a4a76a48f2ee98a), it POSTs successfully to the server. Any ideas?

I'm using Burp Suite Free Edition 1.7.16 and jruby-complete-1.7.26.


Daniel Jan 25, 2017 08:56AM UTC
Btw, this is related to the SSL issues described here:

https://support.portswigger.net/customer/portal/questions/16753904-let-s-encrypts-certificates


Burp team, can you spot what are we missing in our extension code? As far as I can tell we're using the same code that in the Gist Aaron posted, with VERIFY_NONE and everything:

https://github.com/dradis/burp-dradis/blob/master/burp-dradis.rb#L469


Which works when run directly through Java + JRuby, but now when run inside the Burp extension.

We've banged our heads against this for a while and any pointers or clues would be really appreciated.

-Daniel

Dafydd Stuttard Jan 27, 2017 09:22AM UTC Support Center agent

I’m afraid my Ruby fu is weak and I don’t really have any ideas after looking at your code.

If you’re making your own HTTP requests outside of the Burp API, then we wouldn’t expect the presence of Burp to make a difference, but evidently it is.

Would it be feasible to make your requests to the Dradis endpoint via the Burp API, so that Burp ensures that SSL trust is not enforced?


Aaron Manaloto Feb 22, 2017 06:57AM UTC
The suggested solution of using the Burp API to make the request, as opposed to Ruby's Net::HTTP, worked!

For reference, here's the relevant code: https://github.com/dradis/burp-dradis/blob/master/burp-dradis.rb#L395

Post Your public answer

Your name
Your email address
Answer