Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Create new post

java.net.SocketException: Connection reset

August | Last updated: Apr 08, 2016 11:39PM UTC

I am able to reach the site I am testing over HTTPS via browser directly, but when I use Burp to connect I see two errors in the Alerts tab: java.net.SocketException: Connection reset Connection reset This happens using Proxy and when trying to issue requests directly with Repeater. Accessing the site over standard HTTP through Burp works fine. This indicates to me that there may be some issue with the way Burp is negotiating the HTTPS connection with this site. Is there any way to get more debug information on these alerts?

PortSwigger Agent | Last updated: Apr 11, 2016 10:16AM UTC

It does sounds like an SSL negotiation problem. We would suggest: - Changing the settings at Options / SSL / SSL negotiation. - Enabling only the protocol + cipher used by your browser and turning off auto-selection of compatible ciphers by Burp. - Try a different version of Java (6 / 7 / 8).

Burp User | Last updated: Apr 21, 2016 09:02PM UTC

It turns out that the Java Unlimited Cryptography Extensions are not installed on this test platform. Since the target site uses only strong ciphers there was no way to connect. I've made a simple Burp extension to warn if the UCE are not installed: https://github.com/augustd/burp-suite-uce-check Hopefully it will be of use to someone. Can it be added to the BApp Store?

PortSwigger Agent | Last updated: Apr 22, 2016 07:58AM UTC

Burp should already be showing a warning in the alerts tab if the JCE extensions are not installed. Did you not see a native Burp alert about this?

Burp User | Last updated: Apr 25, 2016 10:02PM UTC

I did not.

PortSwigger Agent | Last updated: Apr 26, 2016 08:23AM UTC

That's interesting. On failure of SSL negotiation, Burp checks the maximum allowed key length for the AES cipher and should show an alert if it is less than 256. Is it possible that your system is supporting 256-bit AES without the JCE unlimited strength jurisdiction policy files?

Shreyash | Last updated: Mar 04, 2020 10:42AM UTC

What is connection reset by peer: socket write error and how to resolve it?

Hannah, PortSwigger Agent | Last updated: Mar 04, 2020 11:55AM UTC

Hi Shreyash I see your question is a duplicate of https://forum.portswigger.net/thread/socket-write-error-3fbb1fdd03289078e We will continue support on the other thread.

umersiddique | Last updated: Jul 21, 2020 09:35PM UTC

how to resolve 1595367301513 Spider [3] java.net.SocketException: Connection reset this issue

Hannah, PortSwigger Agent | Last updated: Jul 22, 2020 07:04AM UTC

Hi Could you send a screenshot of this issue to support@portswigger.net?

irvinborder | Last updated: Aug 03, 2020 06:11AM UTC

There are several possible causes. The other end has deliberately reset the connection, in a way which I will not document here. It is rare, and generally incorrect, for application software to do this, but it is not unknown for commercial software. More commonly, it is caused by writing to a connection that the other end has already closed normally. In other words an application protocol error. It can also be caused by closing a socket when there is unread data in the socket receive buffer. http://net-informations.com/java/net/socket.htm

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.