Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Create new post

How do I use PKCS#11 under Windows?

Nicolas | Last updated: Nov 01, 2017 11:10AM UTC

Hello, I got an interesting question during a training: which combo of OS and JVM should be used in order to use PKCS#11 certificates under Windows with recent versions of Burp Suite? I looked at the documentation and am somewhat puzzled by my findings: - "Java does not currently support PKCS#11 on 64-bit versions of Windows" https://portswigger.net/burp/help/options_ssl.html - "project files feature is not available on 32-bit platforms" http://blog.portswigger.net/2016/04/introducing-burp-projects.html So, if I understood correctly, a 64-bit JVM in needed to use projects, but a Windows 64-bit JVM can't use PKCS#11 certificates. Is that correct? If yes, is there alternative solutions to switching to Mac or Linux? Note: I also looked at ZAP. Running a 32-bit JVM in a 64-bit Windows OS with 64-bit PKCS#11 drivers seem to do the trick: https://groups.google.com/forum/#!topic/zaproxy-users/PiH5lDDrXWA But they don't have the limitations related to Projects. Thanks in advance, Nicolas

PortSwigger Agent | Last updated: Nov 01, 2017 11:17AM UTC

Hi Nicolas, Thanks for your message. Fortunately, 64 Java does now support PKCS#11, it's been available since J8b49. I've asked our web team to update the documentation. Please let us know if you need any further assistance.

Burp User | Last updated: Nov 01, 2017 12:02PM UTC

Thanks for the prompt feedback (and the good news!), but I've no idea what is Java 8b49 (and Java 8u49 doesn't exist). I also looked at the Java 8 changelog, and found no references to PKCS#11. Do you know exactly which versions of Java 8 support PKCS#11 in a 64-bit environment?

PortSwigger Agent | Last updated: Nov 01, 2017 12:03PM UTC

Hi Nicolas, Not 100% sure on the version, I just took that from here: - https://stackoverflow.com/questions/8056818/accessing-hardware-pkcs11-token-on-a-64-bit-machine I suggest you use the latest Java 8 anyway.

Burp User | Last updated: Nov 01, 2017 12:14PM UTC

Responding to myself: the change was implemented in JEP-131 which was closed in June 2017: http://openjdk.java.net/jeps/131 So the feature was probably introduced in versions >= JDK 8u141. I'll have to test that...

PortSwigger Agent | Last updated: Nov 01, 2017 12:28PM UTC

Thanks Nicolas, I'll keep that on file in case anyone else asks :)

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.