login

Burp Suite, the leading toolkit for web application security testing

Suite Options: SSL

This tab contains settings for SSL negotiation, and client and server SSL certificates.

SSL Negotiation

These settings control the SSL protocols and ciphers that Burp will use when performing SSL negotiation with upstream servers.

Sometimes, you may have difficulty negotiating SSL connections with certain web servers. The Java SSL stack contains a few gremlins, and fails to work with certain unusual server configurations. To help you troubleshoot this problem, Burp lets you specify which protocols and ciphers should be offered to servers during SSL negotiations.

The following other options are available:

Client SSL Certificates

These settings let you configure the client SSL certificates that Burp will use when a destination host requests one. You can configure multiple certificates, and specify the hosts for which each certificate should be used. When a host requests a client SSL certificate, Burp will use the first certificate in the list whose host configuration matches the name of the host being contacted.

You can use wildcards in the destination host specification (* matches zero or more characters, and ? matches any character except a dot). To use a single certificate whenever any host requests one, use * as the destination host.

The following types of client certificates are supported:

Note: Java does not currently support PKCS#11 on 64-bit versions of Windows.

Server SSL Certificates

This information-only panel contains details of all X509 certificates received from web servers. Double-click an item in the table to display the full details of the certificate. 

Support Center

Get help and join the community discussions at the Burp Suite Support Center.

Visit the Support Center ›

Wednesday, April 22, 2015

v1.6.17

This release contains a number of minor enhancements and bugfixes, including:

  • The Proxy now uses SHA256 to generate its CA and per-host certificates
  • There is a new button at Proxy / Options / Proxy Listeners to force Burp to regenerate its CA certificate.
  • A bug in the "Paste from file" function which caused Burp to sometimes retain a lock on the selected file has been fixed.
  • A bug in the Intruder "extract grep" function, which sometimes caused extracted HTML content to be rendered as HTML in the results table, has been fixed.

See all release notes ›

Copyright © 2015 PortSwigger Ltd. All rights reserved.