Penetration Testing mailing list archives

RE: Burp Proxy Question

From: learn lids <learnlids () yahoo com>
Date: Thu, 22 Apr 2010 05:19:01 -0700 (PDT)

rob - that was the error i was getting. by adding a wildcard for the upstream proxy, everything works fine now. 

thanks to all who jumped in with suggestions. 


--- On Tue, 4/13/10, PortSwigger <mail () portswigger net> wrote:

From: PortSwigger <mail () portswigger net>
Subject: RE: Burp Proxy Question
To: "'learn lids'" <learnlids () yahoo com>, "'pen-test'" <pen-test () securityfocus com>
Date: Tuesday, April 13, 2010, 5:40 AM
To use Burp with an upstream proxy,
go to the Options tab, and under
"upstream proxy server" add a rule with a wildcard (*) as
the destination
host, and the relevant proxy details in the other fields.
Both HTTP and
HTTPS connections through the proxy are supported. If you
have modified any
other settings to try and achieve upstream proxying through
other means, it
might be worth restoring default settings first (via the
Burp menu).

Hope that helps.

Cheers
PortSwigger

-----Original Message-----
From: listbounce () securityfocus com
[mailto:listbounce () securityfocus com]
On
Behalf Of learn lids
Sent: 06 April 2010 05:03
To: pen-test
Subject: Burp Proxy Question

hi all, i am using burp proxy 1.3 to look at a webstie
through a http proxy
- http://something.com . the website redirects to https,
and then burp gives
the message "Burp proxy error: Unrecognized SSL message,
plaintext
connection? " 

this seems to be a common java error, and the burp suite
documentation did
not have any poiters to resolve this issue. does burp
supprot outgoing
http/https proxies at all? if yes or no, what is the best
way to use it? 

- learner

------------------------------------------------------------------------
This list is sponsored by: Information Assurance
Certification Review Board

Prove to peers and potential employers without a doubt that
you can actually
do a proper penetration test. IACRB CPT and CEPT certs
require a full
practical examination in order to become certified. 

http://www.iacertification.org
------------------------------------------------------------------------





------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------

Current thread:

Burp Proxy Question learn lids (Apr 08)
- Re: Burp Proxy Question Rob Fuller (Apr 12)
- Re: Burp Proxy Question pasquale imperato (Apr 13)
- RE: Burp Proxy Question PortSwigger (Apr 14)
  - RE: Burp Proxy Question learn lids (Apr 22)