client failed to negotiate an ssl connection : no cipher suites in common -- burp suite

security penetration-testing burp security-testing
zzz picture zzz · Nov 28, 2016 · Viewed 14.1k times · Source

Unable to tamper HTTPS request using burp suit after importing PortSwigger certificate . it given an alert 'client failed to negotiate an ssl connection : no cipher suites in common'... where as it works fine for http request.. i have tried Internet explorer, chrome, Mozilla and java 7 and 8 but did not succeeded to tamper request

Answer

Savan Gadhiya picture Savan Gadhiya · Dec 9, 2016

You need to check SSL related configurations (Project Options > SSL)

  • Default is "Use the default protocols and ciphers of your Java Installation".
  • You can change it to "Use custom protocols and ciphers". Check the supported ciphers for host you want to test using SSLScan and configure the same.
  • In case, it still does not work you can select "Allow unsafe renegotiation".(Once you are done with testing you can revert back to default settings).

Related questions

Use App Scripts to open form and make a selection

To put this briefly I am testing a Google drive form that will record votes for a school election to ensure that it is secure. Is there a way to open a form from the shared URL and list/input …

Read More
Penetration testing for PHP security vulnerabilities

I am doing a undergrad research paper on "Identifying and Testing security vulnerabilities in websites". Initially I thought I would test manually as I had specified in my methodology that I would only test for few chosen vulnerabilities i.e. …

Read More
Penetration Testing vs Other Security Testing

I do not know the difference between penetration testing and other forms of security testing. Could anyone experienced in that area tell me the differnces? I would really appreciate it. On the side note, is there any testing that simulates …

Read More