The burp-awesome-tls's discuss from sleeyax

Errors

java.lang.NumberFormatException: Cannot parse null string
at java.base/java.lang.Integer.parseInt(Integer.java:627)
at java.base/java.lang.Integer.parseInt(Integer.java:781)
at burp.Settings.getHttpTimeout(Settings.java:68)
at burp.SettingsTab.(SettingsTab.java:44)
at burp.BurpExtender.registerExtenderCallbacks(BurpExtender.java:33)
at burp.Zx5.ZS(Unknown Source)
at burp.Zcp_.Zc(Unknown Source)
at burp.Zcpk.lambda$initialiseOnNewThread$0(Unknown Source)
at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:577)
at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:317)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1144)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:642)
at java.base/java.lang.Thread.run(Thread.java:1623)
a

[Backend] Read TLS fingerprint from raw bytes

Error on first installation: java.lang.NumberFormatException: Cannot parse null string

Run java 17.0.4 2022-07-19 LTS and I have tried various versions of Java but none of them works. these are errors. Thanks for your contribution.
java.lang.NumberFormatException: Cannot parse null string
at java.base/java.lang.Integer.parseInt(Integer.java:630)
at java.base/java.lang.Integer.parseInt(Integer.java:786)
at burp.Settings.getTimeout(Settings.java:52)
at burp.SettingsTab.(SettingsTab.java:38)
at burp.BurpExtender.registerExtenderCallbacks(BurpExtender.java:33)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:568)
at burp.xu1.lambda$registerExtenderCallbacks$0(Unknown Source)
at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:539)
at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
at java.base/java.lang.Thread.run(Thread.java:833)

fatal error: concurrent map writes

i've been able to bypass cloudflare bot check using android 11 okhttp preset, the thing is - entire burpsuite crashes after few seconds.

log: https://gist.github.com/surfaceflinger/fc66507ebbcc46d46e2b9218c91ee253

[backend] Automatic SSL certificate generation

The backend server should support SSL/TLS for security reasons. Certificates should be automatically generated for additional security. We could use code from gomitmproxy for this (with proper credit, of course!).

Bad request when binary data in HTTP request

I got a bad request response from the go server when proxying a request that sends data in the protocol buffer wire format.

Not Worked

java.lang.NumberFormatException: Cannot parse null string
at java.base/java.lang.Integer.parseInt(Integer.java:627)
at java.base/java.lang.Integer.parseInt(Integer.java:781)
at burp.Settings.getTimeout(Settings.java:52)
at burp.SettingsTab.(SettingsTab.java:38)
at burp.BurpExtender.registerExtenderCallbacks(BurpExtender.java:33)
at burp.zkf.K(Unknown Source)
at burp.u2d.O(Unknown Source)
at burp.u29.lambda$initialiseOnNewThread$0(Unknown Source)
at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:577)
at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:317)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1144)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:642)
at java.base/java.lang.Thread.run(Thread.java:1589)

加载插件时报错

java.lang.NumberFormatException: Cannot parse null string
at java.base/java.lang.Integer.parseInt(Integer.java:630)
at java.base/java.lang.Integer.parseInt(Integer.java:786)
at burp.Settings.getHttpTimeout(Settings.java:68)
at burp.SettingsTab.(SettingsTab.java:44)
at burp.BurpExtender.registerExtenderCallbacks(BurpExtender.java:33)
at burp.Zx5.ZS(Unknown Source)
at burp.Zcp_.Zc(Unknown Source)
at burp.Zcpk.lambda$initialiseOnNewThread$0(Unknown Source)
at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:539)
at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
at java.base/java.lang.Thread.run(Thread.java:833)

Not working on Windows x64

Downloaded the extension and added it. After that everything I changed in the screenshot, when I try to open any site it errors.

burp and browser config

Is It possible to give burp and browser config example because for some reason my burp crashes.

[Frontend] Settings management

We should consider how to pass settings from UI to the backend server. Perhaps we could keep it simple and just pass in a header with JSON serialized settings and then remove that header at the backend so it doesn't get sent to the destination host.

[Backend] Add customizable HTTP 2 SETTINGS frame

rfc7540

error on burp

java.lang.NumberFormatException: Cannot parse null string
at java.base/java.lang.Integer.parseInt(Integer.java:630)
at java.base/java.lang.Integer.parseInt(Integer.java:784)
at burp.Settings.getHttpTimeout(Settings.java:68)
at burp.SettingsTab.(SettingsTab.java:44)
at burp.BurpExtender.registerExtenderCallbacks(BurpExtender.java:33)
at burp.Zcp.Zi(Unknown Source)
at burp.Zu1y.ZY(Unknown Source)
at burp.Zu11.lambda$initialiseOnNewThread$0(Unknown Source)
at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:539)
at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
at java.base/java.lang.Thread.run(Thread.java:833)

Failed to connect to 127.0.0.1:8887

What is the purpose of the listener address?

[Backend] Fork net/http

[WINDOWS] Burp Suite crashes on startup with burp-awesome-tls extension enabled

Description

When I enable the burp-awesome-tls extension, Burp Suite crashes on startup.

Steps to Reproduce

Start Burp Suite.
Install and enable the burp-awesome-tls extension.
The Burp Suite crashes instantly

Expected Behavior

Burp Suite should start normally with the burp-awesome-tls extension enabled.

Actual Behavior

Burp Suite crashes immediately on startup when the burp-awesome-tls extension is enabled.

Burp Suite Version

Burp Suite Community Edition v2024.1.1.6

Extension Version

v1.2.0

Java Version

Java 21

Additional Information

--diagnostics flag output

--------------------------------------------------------------------------------------------------------- SYSTEM PROPERTIES --------------------------------------------------------------------------------------------------------- awt.dnd.drag.threshold 15 com.sun.net.ssl.requireCloseNotify false file.encoding UTF-8 file.separator \ flatlaf.uiScale.enabled false java.class.path burpsuite_community.jar java.class.version 65.0 java.home D:\Programme\Java java.io.tmpdir C:\Users\Nabil\AppData\Local\Temp\ java.library.path D:\Programme\Java\bin;C:\Windows\Sun\Java\bin;C:\Windows\system32;C:\Windows;C:\Program Files\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR;C:\Program Files\Mullvad VPN\resources;C:\Program Files\Git\cmd;C:\Program Files\Go\bin;C:\Users\Nabil\AppData\Local\Programs\Python\Launcher\;C:\Users\Nabil\AppData\Local\Microsoft\WindowsApps;C:\Users\Nabil\AppData\Local\Programs\Microsoft VS Code\bin;C:\Users\Nabil\go\bin;. java.runtime.name Java(TM) SE Runtime Environment java.runtime.version 21.0.2+13-LTS-58 java.specification.name Java Platform API Specification java.specification.vendor Oracle Corporation java.specification.version 21 java.vendor Oracle Corporation java.vendor.url https://java.oracle.com/ java.vendor.url.bug https://bugreport.java.com/bugreport/ java.version 21.0.2 java.version.date 2024-01-16 java.vm.compressedOopsMode Zero based java.vm.info mixed mode, sharing java.vm.name Java HotSpot(TM) 64-Bit Server VM java.vm.specification.name Java Virtual Machine Specification java.vm.specification.vendor Oracle Corporation java.vm.specification.version 21 java.vm.vendor Oracle Corporation java.vm.version 21.0.2+13-LTS-58 jdk.debug release jdk.tls.allowUnsafeServerCertChange true jdk.tls.maxCertificateChainLength 1337 native.encoding Cp1252 org.bouncycastle.jsse.client.dh.minimumPrimeBits 1024 org.bouncycastle.jsse.client.dh.unrestrictedGroups true os.arch amd64 os.name Windows 10 os.version 10.0 path.separator ; stderr.encoding cp850 stdout.encoding cp850 sun.arch.data.model 64 sun.awt.enableExtraMouseButtons true sun.boot.library.path D:\Programme\Java\bin sun.cpu.endian little sun.cpu.isalist amd64 sun.io.unicode.encoding UnicodeLittle sun.java.command burpsuite_community.jar --diagnostics sun.java.launcher SUN_STANDARD sun.jnu.encoding Cp1252 sun.management.compiler HotSpot 64-Bit Tiered Compilers sun.os.patch.level user.country DE user.dir D:\Programme\BurpSuiteCommunity user.home C:\Users\Nabil user.language de user.name Nabil user.script user.timezone Europe/Berlin user.variant

SYSTEM RESOURCES

Number of processors 8
Total JVM memory 108 MiB
Max JVM memory 3,98 GiB
Free JVM memory 66,09 MiB

Total physical memory 15,93 GiB
Free physical memory 8,67 GiB
Total swap 22,18 GiB
Free swap 10,45 GiB

BURP PROPERTIES

Burp Version 2024.1.1.6
Build Number 27682
Product Name Burp Suite Community Edition
Burp Browser [version=122.0.6261.112, installationPath=D:\Programme\BurpSuiteCommunity\burpbrowser\122.0.6261.112]
Code source D:\Programme\BurpSuiteCommunity\burpsuite_community.jar
Debug ID qdov1t0g9oecadiq8zvq:o3bq
JAR type Installer
currenttimemillis 1710591326552
nanotime 73352300819000

---

Thank you for your assistance.

[Backend] Import net/x/http2

See: refraction-networking/utls#16 (comment)

Does this plugin have specific requirements for Java versions and Burp versions? I'm experiencing crashes when installing both the fat version and the Windows x64 version of the release on Burp 2023.10.3.6 with Java 17.0.99.

Error after adding extension

When I added the extension I get this error.

java.lang.NumberFormatException: Cannot parse null string
at java.base/java.lang.Integer.parseInt(Integer.java:630)
at java.base/java.lang.Integer.parseInt(Integer.java:786)
at burp.Settings.getHttpTimeout(Settings.java:68)
at burp.SettingsTab.(SettingsTab.java:44)
at burp.BurpExtender.registerExtenderCallbacks(BurpExtender.java:33)
at burp.Zcuc.Zw(Unknown Source)
at burp.Zsmc.ZS(Unknown Source)
at burp.Zsmz.lambda$initialiseOnNewThread$0(Unknown Source)
at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:539)
at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
at java.base/java.lang.Thread.run(Thread.java:842)
java.lang.NumberFormatException: Cannot parse null string
at java.base/java.lang.Integer.parseInt(Integer.java:630)
at java.base/java.lang.Integer.parseInt(Integer.java:786)
at burp.Settings.getHttpTimeout(Settings.java:68)
at burp.BurpExtender.processHttpMessage(BurpExtender.java:58)
at burp.Znx2.handleHttpRequestToBeSent(Unknown Source)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:568)
at burp.Zcnb.invoke(Unknown Source)
at jdk.proxy2/jdk.proxy2.$Proxy64.handleHttpRequestToBeSent(Unknown Source)
at burp.Ziby.ZG(Unknown Source)
at burp.Zsmr.ZG(Unknown Source)
at burp.Zfft.ZG(Unknown Source)
at burp.Zik3.Zv(Unknown Source)
at burp.Zink.ZD(Unknown Source)
at burp.Zink.ZH(Unknown Source)
at burp.Zte5.ZH(Unknown Source)
at burp.Ziot.ZH(Unknown Source)
at burp.Zkeg.ZH(Unknown Source)
at burp.Zcug.ZU(Unknown Source)
at burp.Zkkj.ZC(Unknown Source)
at burp.Zkk7.ZC(Unknown Source)
at burp.Zfmk.ZJ(Unknown Source)
at burp.Ztir.lambda$issueRequest$0(Unknown Source)
at burp.Zcq9.ZR(Unknown Source)
at burp.Zcv3.Zt(Unknown Source)
at burp.Zcv3.Zw(Unknown Source)
at burp.Zbns.Zb(Unknown Source)
at burp.Ztre.Zb(Unknown Source)
at burp.Ztir.Ze(Unknown Source)
at burp.Zi8v.Zn(Unknown Source)
at burp.Zg3y.ZG(Unknown Source)
at burp.Zce3.Zi(Unknown Source)
at burp.Zfld.Zb(Unknown Source)
at burp.Zfld.Zp(Unknown Source)
at burp.Zm7q.Zc(Unknown Source)
at burp.Zpv.Zg(Unknown Source)
at burp.Zk1b.ZZ(Unknown Source)
at burp.Ziso.run(Unknown Source)
at burp.Zcjg.run(Unknown Source)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
at java.base/java.lang.Thread.run(Thread.java:842)
java.lang.NumberFormatException: Cannot parse null string
at java.base/java.lang.Integer.parseInt(Integer.java:630)
at java.base/java.lang.Integer.parseInt(Integer.java:786)
at burp.Settings.getHttpTimeout(Settings.java:68)
at burp.BurpExtender.processHttpMessage(BurpExtender.java:58)
at burp.Znx2.handleHttpRequestToBeSent(Unknown Source)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:568)
at burp.Zcnb.invoke(Unknown Source)
at jdk.proxy2/jdk.proxy2.$Proxy64.handleHttpRequestToBeSent(Unknown Source)
at burp.Ziby.ZG(Unknown Source)
at burp.Zsmr.ZG(Unknown Source)
at burp.Zfft.ZG(Unknown Source)
at burp.Zik3.Zv(Unknown Source)
at burp.Zink.ZD(Unknown Source)
at burp.Zink.ZH(Unknown Source)
at burp.Zte5.ZH(Unknown Source)
at burp.Ziot.ZH(Unknown Source)
at burp.Zkeg.ZH(Unknown Source)
at burp.Zcug.ZU(Unknown Source)
at burp.Zkkj.ZC(Unknown Source)
at burp.Zkk7.ZC(Unknown Source)
at burp.Zfmk.ZJ(Unknown Source)
at burp.Ztir.lambda$issueRequest$0(Unknown Source)
at burp.Zcq9.ZR(Unknown Source)
at burp.Zcv3.Zt(Unknown Source)
at burp.Zcv3.Zw(Unknown Source)
at burp.Zbns.Zb(Unknown Source)
at burp.Ztre.Zb(Unknown Source)
at burp.Ztir.Ze(Unknown Source)
at burp.Zi8v.Zn(Unknown Source)
at burp.Zg3y.ZG(Unknown Source)
at burp.Zce3.Zi(Unknown Source)
at burp.Zfld.Zb(Unknown Source)
at burp.Zfld.Zp(Unknown Source)
at burp.Zm7q.Zc(Unknown Source)
at burp.Zpv.Zg(Unknown Source)
at burp.Zk1b.ZZ(Unknown Source)
at burp.Ziso.run(Unknown Source)
at burp.Zcjg.run(Unknown Source)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
at java.base/java.lang.Thread.run(Thread.java:842)
java.lang.NumberFormatException: Cannot parse null string
at java.base/java.lang.Integer.parseInt(Integer.java:630)
at java.base/java.lang.Integer.parseInt(Integer.java:786)
at burp.Settings.getHttpTimeout(Settings.java:68)
at burp.BurpExtender.processHttpMessage(BurpExtender.java:58)
at burp.Znx2.handleHttpRequestToBeSent(Unknown Source)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:568)
at burp.Zcnb.invoke(Unknown Source)
at jdk.proxy2/jdk.proxy2.$Proxy64.handleHttpRequestToBeSent(Unknown Source)
at burp.Ziby.ZG(Unknown Source)
at burp.Zsmr.ZG(Unknown Source)
at burp.Zfft.ZG(Unknown Source)
at burp.Zik3.Zv(Unknown Source)
at burp.Zink.ZD(Unknown Source)
at burp.Zink.ZH(Unknown Source)
at burp.Zte5.ZH(Unknown Source)
at burp.Ziot.ZH(Unknown Source)
at burp.Zkeg.ZH(Unknown Source)
at burp.Zcug.ZU(Unknown Source)
at burp.Zkkj.ZC(Unknown Source)
at burp.Zkk7.ZC(Unknown Source)
at burp.Zfmk.ZJ(Unknown Source)
at burp.Ztir.lambda$issueRequest$0(Unknown Source)
at burp.Zcq9.ZR(Unknown Source)
at burp.Zcv3.Zt(Unknown Source)
at burp.Zcv3.Zw(Unknown Source)
at burp.Zbns.Zb(Unknown Source)
at burp.Ztre.Zb(Unknown Source)
at burp.Ztir.Ze(Unknown Source)
at burp.Zi8v.Zn(Unknown Source)
at burp.Zg3y.ZG(Unknown Source)
at burp.Zce3.Zi(Unknown Source)
at burp.Zfld.Zb(Unknown Source)
at burp.Zfld.Zp(Unknown Source)
at burp.Zm7q.Zc(Unknown Source)
at burp.Zpv.Zg(Unknown Source)
at burp.Zk1b.ZZ(Unknown Source)
at burp.Ziso.run(Unknown Source)
at burp.Zcjg.run(Unknown Source)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
at java.base/java.lang.Thread.run(Thread.java:842)

Add "InsecureSkipVerify: true" to tls config (RoundTrip: x509: certificate name does not match input)

Hi, I have problems with tls on some sites: RoundTrip: x509: certificate name does not match input.
Can we add "InsecureSkipVerify: true" to tls config here?
https://github.com/sleeyax/burp-awesome-tls/blob/main/src-go/server/roundtripper.go#L84

Add cronet

Add https://github.com/SagerNet/cronet-go for a perfect chromium fingerprint with HTTP 1, 2 and 3 (QUIC) support.

Crashing Burp on Ubuntu 22.04

After loading the module and sending an HTTP request to the listener it crashes the whole BURP.
Burp version: 2022.9.1(Professional)
Java 17
os: Ubuntu 22.04

HTTP2 SETTINGS iOS support

Will there be support for iOS?
Because iOS devices only use MaxConcurrentStreams and InitialWindowSize.

[Backend] Create UTLS roundtripper

Error: open ca.der: permission denied

Using Burp Suite Pro v2023.10.1.2 on an ubuntu 22 VM, when attempting to load the extention I get the following error:

What directory are these files created in? I looked in certificate.go but couldn't find it. If I know the target directory I can just chown it and that should fix this issue.

Working through an external proxy

There is a need to set up an external proxy server (for ip spoofing). If you do it in Burp with the extension disabled and SOCKS5 proxy defined, everything works as it should.

If you enable the extension, the following error appears:

I take it the extension won't work through an external proxy?

Build cross platform .jar files

Ideally, instead of having a release that looks like this

burp-awesome-tls.jar
*-server.dll
*-server.so
*-server.dylib

We should have something like this:

burp-awesome-tls-linux-x64.jar
burp-awesome-tls-win-x64.jar

This is much more user friendly.

Thinking further, we could also release an actual cross platform 'fat jar' burp-awesome-tls-fat.jar that contains all server binaries for all supported platforms (i.e. most popular win, mac and linux). This jar would be significantly bigger in size, but it would work everywhere and could be dragged around on an USB stick for example.

I'm not sure how this build process should look like though. I think we'd need something like this, unless I'm missing something obvious:

go build action builds all binaries and places them in ./src-go/server/build
a custom script copies each binary into src/java/resources with the correct JNA {OS}-{ARCH} folder name and builds the jar file each time one gets copied, plus cleans up afterwards (i.e delete the resources/{OS}-{ARCH} that was created)
a custom script copies all binaries to resources and builds the fatjar

Awesome TLS error: create spec from client hello: FingerprintClientHello: unsupported extension 65037

copy client hello record as hex stream and paste it into the field "Hex Client Hello"

Awesome TLS error: create spec from client hello: FingerprintClientHello: unsupported extension 65037

Wechat mini program can not catch the packet, Repeater can not send

There was an error when the plug-in was installed, and several attempts were inexplably successful, but the package of wechat mini programs could not be caught and the response could not be sent. It is suggested that the author try it in the new environment

返回错误

wsarecv: An existing connection was forcibly closed by the remote host.

Java version error

ERROR:java.lang.UnsupportedClassVersionError: burp/BurpExtender has been compiled by a more recent version of the Java Runtime (class file version 61.0), this version of the Java Runtime only recognizes class file versions up to 59.0

Log error when server binary can't be found or loaded

Currently, there is a potential issue where the extension can be installed for an incorrect target architecture, resulting in it not functioning without any clear indication of the problem. To address this, we should implement a mechanism that logs an error to Burp's extension error log when the server binary is not found. This enhancement aims to prevent confusion by providing a clear error message in such situations.

Related to: #41

Migrate to new Montoya API

Portswigger has released a newer API a few months ago and has deprecated the extender API. This extension should be ported over to ensure it keeps working in the future.

Self signed certificate and not working port

Hello! I configured Awesome TLS like this:

And in my browser i've set proxy settings like this:

When i try to open google.com via firefox developer, im getting error: MOZILLA_PKIX_ERROR_SELF_SIGNED_CERT.
Then i installed ca.der from this plugin to Firefox's certificate storage, and i'm getting following error: MOZILLA_PKIX_ERROR_CA_CERT_USED_AS_END_ENTITY.

How to configure plugin to work?

Windows 11 Pro (x64)
Burp Suite Professional 2023.12.1.2
JDK 18
Using 1.2.0 fat version of plugin.

Cannot have multiple response headers w/ same name

If the response contains multiple cookies w/ the same name (such as set-cookie), only one is returned.

Set overwrites the header's value, if a header with that key already exists:

burp-awesome-tls/src-go/server/server.go

Lines 52 to 55 in 08fce6f

    
           for k, _ := range res.Header { 
        
           	v := res.Header.Get(k) 
        
           	w.Header().Set(k, v) 
        
           }

Add could be used instead, but maybe instead of looping through all the headers and copying them that way, it would be better to just copy the Header instance from res to w?

Setup cross-platform builds

We must be able to distribute cross-platform jar files targetting win, mac, linux. Each jar file should include one server library built for the target platform.

Alternatively we could distribute backend and frontend separately. Thus we end up having cross platform jar files for the frontend and cross platform binaries for the backend. This method is less portable but results in smaller jar files. Plus the server can update independently this way.

Unable to load library 'server.dylib'

After loading the extension in Burp, the following error is shown in stdout:

dlopen(libserver.dylib.dylib, 0x0009): tried: 'libserver.dylib.dylib' (relative path not allowed in hardened program), '/usr/lib/libserver.dylib.dylib' (no such file)
dlopen(libserver.dylib.dylib, 0x0009): tried: 'libserver.dylib.dylib' (relative path not allowed in hardened program), '/usr/lib/libserver.dylib.dylib' (no such file)
Native library (darwin-x86-64/libserver.dylib.dylib) not found in resource path ([file:/var/folders/hn/_pcv7pl154bbns24yhwjt05c0000gn/T/burp10831821168041598492.tmp/2])
	at com.sun.jna.NativeLibrary.loadLibrary(NativeLibrary.java:301)
	at com.sun.jna.NativeLibrary.getInstance(NativeLibrary.java:461)
	at com.sun.jna.Library$Handler.<init>(Library.java:192)
	at com.sun.jna.Native.load(Native.java:622)
	at com.sun.jna.Native.load(Native.java:596)
	at burp.ServerLibrary.<clinit>(ServerLibrary.java:8)
	at burp.BurpExtender.lambda$registerExtenderCallbacks$0(BurpExtender.java:36)
	at java.base/java.lang.Thread.run(Thread.java:833)
	Suppressed: java.lang.UnsatisfiedLinkError: dlopen(libserver.dylib.dylib, 0x0009): tried: 'libserver.dylib.dylib' (relative path not allowed in hardened program), '/usr/lib/libserver.dylib.dylib' (no such file)
		at com.sun.jna.Native.open(Native Method)
		at com.sun.jna.NativeLibrary.loadLibrary(NativeLibrary.java:191)
		... 7 more
	Suppressed: java.lang.UnsatisfiedLinkError: dlopen(libserver.dylib.dylib, 0x0009): tried: 'libserver.dylib.dylib' (relative path not allowed in hardened program), '/usr/lib/libserver.dylib.dylib' (no such file)
		at com.sun.jna.Native.open(Native Method)
		at com.sun.jna.NativeLibrary.loadLibrary(NativeLibrary.java:204)
		... 7 more
	Suppressed: java.io.IOException: Native library (darwin-x86-64/libserver.dylib.dylib) not found in resource path ([file:/var/folders/hn/_pcv7pl154bbns24yhwjt05c0000gn/T/burp10831821168041598492.tmp/2])
		at com.sun.jna.Native.extractFromResourcePath(Native.java:1145)
		at com.sun.jna.NativeLibrary.loadLibrary(NativeLibrary.java:275)
		... 7 more

OS: macOS 12.6 (Intel)
Burp version: v2022.8.4 CE
Using Burp-Awesome-TLS-macos-amd64.jar from release v0.0.2-rc.2

Support for M1 Macs

Love this project, was wondering if you could publish builds for M1 Macs (ARM)? Appreciate the work.

Unable to load library on Ubuntu

Hi,

In burp I get an error like "Failed to connect to 127.0.0.1:8888"

the server is not started obviously.

Also, when I unload the extension I get an error like

java.lang.ExceptionInInitializerError: Exception java.lang.UnsatisfiedLinkError: Unable to load library 'server.so':
server.so: cannot open shared object file: No such file or directory
server.so: cannot open shared object file: No such file or directory
Native library (linux-x86-64/server.so) not found in resource path ([file:/tmp/burp9901995054636778576.tmp/32]) [in thread "Thread-19"]
	at com.sun.jna.NativeLibrary.loadLibrary(NativeLibrary.java:301)
	at com.sun.jna.NativeLibrary.getInstance(NativeLibrary.java:461)
	at com.sun.jna.Library$Handler.<init>(Library.java:192)
	at com.sun.jna.Native.load(Native.java:622)
	at com.sun.jna.Native.load(Native.java:596)
	at burp.ServerLibrary.<clinit>(ServerLibrary.java:8)
	at burp.BurpExtender.lambda$registerExtenderCallbacks$0(BurpExtender.java:36)
	at java.base/java.lang.Thread.run(Thread.java:1589)

[Backend] HTTP header order

We could apply this patch file instead of adding support from scratch again: https://go-review.googlesource.com/c/go/+/105755

Requests not working

I added the extension and I configured it but requests are not going through. The requests just get stuck on loading.

Here's my config:

burp proxy config:

output:

-

Update HTTP/TLS implementation

We should look into using a better maintained TLS spoofing library such as https://github.com/bogdanfinn/tls-client so we don't have to do so ourselves.

err

java.lang.NumberFormatException: Cannot parse null string
at java.base/java.lang.Integer.parseInt(Integer.java:630)
at java.base/java.lang.Integer.parseInt(Integer.java:786)
at burp.Settings.getTimeout(Settings.java:52)
at burp.SettingsTab.(SettingsTab.java:38)
at burp.BurpExtender.registerExtenderCallbacks(BurpExtender.java:33)
at burp.Zf92.ZK(Unknown Source)
at burp.Zjpm.ZR(Unknown Source)
at burp.Zjp7.lambda$initialiseOnNewThread$0(Unknown Source)
at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:539)
at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
at java.base/java.lang.Thread.run(Thread.java:833)

Bring back custom client hello (hex string field)

This feature was removed in https://github.com/sleeyax/burp-awesome-tls/releases/tag/v1.2.0 in favor of the more advanced intercept proxy. A handful of people have suggested adding it back because it's more lightweight, sharable and enables easier access to applying custom fingerprints.

[Frontend] Setup GUI

Possible fields:

Remote server connection URL
TLS fingerprint
- Chrome
- Firefox
- iOS Safari
- Android Chrome
- Android okhttp
- Charles
Custom fingerprint from wireshark capture
Other customizable UTLS settings