Penetration Testing mailing list archives
RE: Burp Proxy Question
From: learn lids <learnlids () yahoo com>
Date: Thu, 22 Apr 2010 05:19:01 -0700 (PDT)
rob - that was the error i was getting. by adding a wildcard for the upstream proxy, everything works fine now. thanks to all who jumped in with suggestions. --- On Tue, 4/13/10, PortSwigger <mail () portswigger net> wrote:
From: PortSwigger <mail () portswigger net> Subject: RE: Burp Proxy Question To: "'learn lids'" <learnlids () yahoo com>, "'pen-test'" <pen-test () securityfocus com> Date: Tuesday, April 13, 2010, 5:40 AM To use Burp with an upstream proxy, go to the Options tab, and under "upstream proxy server" add a rule with a wildcard (*) as the destination host, and the relevant proxy details in the other fields. Both HTTP and HTTPS connections through the proxy are supported. If you have modified any other settings to try and achieve upstream proxying through other means, it might be worth restoring default settings first (via the Burp menu). Hope that helps. Cheers PortSwigger -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of learn lids Sent: 06 April 2010 05:03 To: pen-test Subject: Burp Proxy Question hi all, i am using burp proxy 1.3 to look at a webstie through a http proxy - http://something.com . the website redirects to https, and then burp gives the message "Burp proxy error: Unrecognized SSL message, plaintext connection? " this seems to be a common java error, and the burp suite documentation did not have any poiters to resolve this issue. does burp supprot outgoing http/https proxies at all? if yes or no, what is the best way to use it? - learner ------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
Current thread:
- Burp Proxy Question learn lids (Apr 08)
- Re: Burp Proxy Question Rob Fuller (Apr 12)
- Re: Burp Proxy Question pasquale imperato (Apr 13)
- RE: Burp Proxy Question PortSwigger (Apr 14)
- RE: Burp Proxy Question learn lids (Apr 22)