Blog | G5 Cyber Security

Burp Suite SSL Error: Fix ‘Unrecognized SSL message plaintext connection’

G5 Cyber Security

TL;DR

This error usually means Burp isn’t correctly intercepting and handling HTTPS traffic. It often happens after updates or with certain browser/certificate setups. We’ll cover the most common fixes, from certificate installation to proxy settings.

Fixing ‘Unrecognized SSL message plaintext connection’ in Burp Suite

  1. Check Your Browser Proxy Settings
    • Make sure your browser is configured to use Burp as its proxy. The default settings are usually:
      • Host: 127.0.0.1
      • Port: 8080
    • Most browsers have a setting to bypass the proxy for local addresses (e.g., ‘localhost’, ‘127.0.0.1’). Ensure this is not enabled if you want Burp to intercept all traffic.
  2. Install the Burp CA Certificate in Your Browser
    • Burp generates a Certificate Authority (CA) certificate that your browser needs to trust.
    • Step 1: Export from Burp: In Burp Suite, go to Proxy > Options. In the ‘Proxy Listeners’ tab, select your listener and click ‘Import/Export CA certificate’. Choose ‘Save as DER file’. Save it somewhere you can find it (e.g., Desktop).
    • Step 2: Import into Browser: The process varies by browser:
      • Chrome/Edge: Settings > Privacy and security > Security > Manage certificates > Authorities > Import… Browse to the DER file you saved.
      • Firefox: Settings > Privacy & Security > Certificates > View Certificates > Authorities > Import… Browse to the DER file. Make sure to check ‘Trust this CA certificate for identifying websites’.
  3. Restart Your Browser

    After installing the certificate, completely restart your browser (close all windows and processes). This is crucial.

  4. Check Burp’s SSL Settings
    • Go to Proxy > Options in Burp Suite.
    • In the ‘Proxy Listeners’ tab, ensure that ‘Use transparent proxying’ is unchecked unless you specifically need it (it can cause issues).
    • Under ‘SSL Settings’, verify that ‘Client certificate authentication’ isn’t enabled unless required by the target website.
  5. Clear Browser Cache and Cookies

    Old cache data can sometimes interfere with SSL connections. Clear your browser’s cache and cookies.

  6. Check for Conflicting Proxies or VPNs
    • Disable any other proxies (e.g., system-wide proxies) or VPN software that might be interfering with Burp.
  7. Update Burp Suite

    Make sure you’re using the latest version of Burp Suite. Updates often include fixes for SSL-related issues.

  8. Check System Time and Date

    Incorrect system time can cause SSL certificate validation errors. Ensure your computer’s date and time are correct.

  9. Advanced: Force Burp to Use a Specific Protocol Version (Rare)

    In very rare cases, the target server might require a specific TLS version that Burp isn’t using by default. This is usually only needed for older systems.

    • Go to Proxy > Options > SSL Settings.
    • Experiment with different ‘Protocol versions’. Start with the highest supported version and work your way down if necessary. Be cautious when changing these settings, as it can reduce security. 
      TLSv1.3
Exit mobile version