Name is required.
Email address is required.
Invalid email address
Answer is required.
Exceeding max length of 5KB

TSL 1.2

Smith Brown Jan 08, 2018 08:27PM UTC

Hi All,
thats my first post on Burp forum! :)
I'm here for a noble cause I guess: trying to give TSL 1.2 support to the glorious (and mistreated) Windows XP.
It seems infact the only way to do that, is to configure the system proxy, and Burp Proxy seems very good at that... ;)
Unfortunately there is a problem: it all works only when HTTP/S Responses come within seconds.
If the Response delays too much, more than half min or so, the relative client goes into timeout, drops the communication and aborts with error.
That happens usually when Burp gets busy in waiting for the internet site (very slow) or when the Response is indeed a big file to dl.
I have been wandering in your forum, where I guess I understood, the only way to workaround that is by an "extension".
So be clear I will come straight to the point, and explain exactly what is the workaround I want to do, with a real-life example.

When Burp Proxy receives such a HTTPS Request
GET /msi/SkypeSetup_7.40.0.104.msi HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Connection: close
Cache-Control: no-cache

Then Burp detects the filename and triggers a different behavior: it does NOT open a new connection upstream, but instead it builds a new Response header such as:
HTTP/1.1 200 OK
Content-Length: 45522944
Content-Type: application/octet-stream
Content-MD5: 5T+nTDSkNyPrzKr/tzEyRw==
Last-Modified: Sat, 21 Oct 2017 14:13:44 GMT
ETag: 0x8D5188DF08F22FF
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 0ce7bea1-001e-00a9-0e82-511584000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Cache-Control: max-age=86400
Date: Mon, 08 Jan 2018 02:01:34 GMT
Connection: close

And then loads the body binary content from a local file (somewhere on local media) called "SkypeSetup_7.40.0.104.msi", appends it to the header Response, and sends all straight to the client.

Since I have no experience in Burp "extension", and my programming skills are limited, my question is:
- Is there a public Burp "extension", which makes already smtng similar, so I can copy it and modify myself (to make this workaround)?

Paul Johnston Jan 09, 2018 11:24AM UTC Support Center agent


Thanks for your message.

Burp is probably not the best tool for provide TLS 1.2 support to Windows XP clients. It’s more intended for testing and debugging, and you’re likely to encounter all sorts of problems using it like you are.

Regarding your extension request, I believe this would be possible using the Burp Extender API. However, I’m not aware of an extension that currently does this.

Smith Brown Jan 09, 2018 11:58AM UTC
thank you for your answer :)
I'm definitely able to do some Java programming, such as building a custom string as Response header, load an external bin file, and append it as body to the header.
What I'm NOT able to do is, to trigger Burp Proxy to detect the filename pattern in the client Request, and then how to send the new header+body back to the client as Response.
Can someone please send me a backbone of the method needed to catch the incoming string Request, and the method needed to send the custom Response back?

Paul Johnston Jan 09, 2018 05:14PM UTC Support Center agent


You can hook a proxy message by creating an IProxyListener and registering it. Inside processProxyMessage() you can’t immediately return a response. But you can modify the incoming message and redirect it to a local web service. Your extension can run an local HTTP server and return the responses you want. While not the most elegant solution, this does work.

Smith Brown Jan 09, 2018 11:48PM UTC
Hi Paul,
all perfectly clear, thank you :)
Programming a dedicated HTTP/S server in Java for the sole purpose to feed TSL 1.2 on Xp, was actually my original project.
Then I thought, why I'm wasting my time in doing smtng new, when there is already my buddy Burp doing this much better already..? ;)
The Burp version I'm still using (proudly!) is the 1.4, which didn't have a mature "extensions" support indeed.
But after 7 years, I would have absolutely bet, the newest version of Burp had this feature finally... well, you can never say the things of life isnt it :)

Post Your public answer

Your name
Your email address