TL;DR
This error usually means Burp isn’t correctly intercepting and handling HTTPS traffic. It often happens after updates or with certain browser/certificate setups. We’ll cover the most common fixes, from certificate installation to proxy settings.
Fixing ‘Unrecognized SSL message plaintext connection’ in Burp Suite
- Check Your Browser Proxy Settings
- Make sure your browser is configured to use Burp as its proxy. The default settings are usually:
- Host: 127.0.0.1
- Port: 8080
- Most browsers have a setting to bypass the proxy for local addresses (e.g., ‘localhost’, ‘127.0.0.1’). Ensure this is not enabled if you want Burp to intercept all traffic.
- Make sure your browser is configured to use Burp as its proxy. The default settings are usually:
- Install the Burp CA Certificate in Your Browser
- Burp generates a Certificate Authority (CA) certificate that your browser needs to trust.
- Step 1: Export from Burp: In Burp Suite, go to Proxy > Options. In the ‘Proxy Listeners’ tab, select your listener and click ‘Import/Export CA certificate’. Choose ‘Save as DER file’. Save it somewhere you can find it (e.g., Desktop).
- Step 2: Import into Browser: The process varies by browser:
- Chrome/Edge: Settings > Privacy and security > Security > Manage certificates > Authorities > Import… Browse to the DER file you saved.
- Firefox: Settings > Privacy & Security > Certificates > View Certificates > Authorities > Import… Browse to the DER file. Make sure to check ‘Trust this CA certificate for identifying websites’.
- Restart Your Browser
After installing the certificate, completely restart your browser (close all windows and processes). This is crucial.
- Check Burp’s SSL Settings
- Go to Proxy > Options in Burp Suite.
- In the ‘Proxy Listeners’ tab, ensure that ‘Use transparent proxying’ is unchecked unless you specifically need it (it can cause issues).
- Under ‘SSL Settings’, verify that ‘Client certificate authentication’ isn’t enabled unless required by the target website.
- Clear Browser Cache and Cookies
Old cache data can sometimes interfere with SSL connections. Clear your browser’s cache and cookies.
- Check for Conflicting Proxies or VPNs
- Disable any other proxies (e.g., system-wide proxies) or VPN software that might be interfering with Burp.
- Update Burp Suite
Make sure you’re using the latest version of Burp Suite. Updates often include fixes for SSL-related issues.
- Check System Time and Date
Incorrect system time can cause SSL certificate validation errors. Ensure your computer’s date and time are correct.
- Advanced: Force Burp to Use a Specific Protocol Version (Rare)
In very rare cases, the target server might require a specific TLS version that Burp isn’t using by default. This is usually only needed for older systems.
- Go to Proxy > Options > SSL Settings.
- Experiment with different ‘Protocol versions’. Start with the highest supported version and work your way down if necessary. Be cautious when changing these settings, as it can reduce security.
TLSv1.3