Jump to content

loblo

Member
  • Posts

    1,183
  • Joined

  • Last visited

  • Days Won

    6
  • Donations

    0.00 USD 
  • Country

    United Kingdom

Everything posted by loblo

  1. { "project_options":{ "http":{ "streaming_responses":{ "scope_advanced_mode":true, "store":false, "strip_chunked_encoding_metadata":false, "urls":[ { "enabled":true, "file":"^.*.exe|.zip|.7z|.rar|.tar|.iso|.mp3|.mp4|.flac.*", "protocol":"any" } ] } } } } Save this as a json file and import it in Project Options > HTTP > Streaming Responses, it should take care of your zip download issue as well as that of a number of other potentially too big files of other types and easy enough to add some more if needed.
  2. Type https://burp/cert in your browser address bar, click enter. A DER certificate will appear, choose to open it, click on install in the next dialog.
  3. I'm using Opera 12.02 too, I don't know what this Opera 12.50 is.
  4. Opera 12.50, what OS are you on? I don't get this error with Azul Zulu 8.48.0.49 but I'm using the JRE from the JDK, maybe there is some difference (unlikely). They've released an 8.48.0.51 update within a few days, might be worth trying it as it possibly fix this bug, who knows?
  5. NLE: Adobe Premiere 6 Ulead Media Studio Pro (NLE + other tools) IMSI Lumiere Sonic Foundry Vegas 4 Serif MoviePlus 4 VFX: Adobe After Effects 6.5 Discreet Combustion 2 Ulead Cool 3D Studio Xara 3D 2 Wondertouch Particle Illusion 2 All these I bought and they are still installed on my ME machine but I've never much used them.
  6. Select "all files" and import your DER certificate, Opera will accept it.
  7. I thought intercept was disabled by default otherwise i would have mentioned it, sorry about that. You should get zero certificate errors popups when using the proxy if the certificate export/import has been done correctly, I never see any. As you've probably figured out, you can edit or create your own user agent spoofs, these are just examples. I can go on the Trend Micro site and download the file with Opera 12 without using the proxy. This being said one limitation of Burp is that it's not really suited for downloading large files as it will load them entirely in memory before passing them to the browser. Using Burp I had no secure connection error when clicking on the file link but nothing but an hourglass happened in Opera and a message telling me it failed to allocate memory was on the Burp dashboard log. (Java VM uses a max of 250MB of RAM by default). One workaround is to set the download url as a streaming link somewhere in the options but I never tried that myself as it doesn't seem too practical (only read about it on the Burp forums) and I use JDownloader 2 for such cases: https://www.videohelp.com/software/JDownloader There are a variety of settings you can try to change in case of connection issues but an important one is to make sure that the Java SNI extension is not disabled (in User Options > SSL > Java SSL Options) otherwise a number of sites fail to connect including everything powered by CloudFlare apparently.
  8. There is no more ncrypt.dll on 9x than there is on XP. It's possible the newer KernelEx you've got installed takes care of it but I get Burp crashing before getting to the main interface if I don't downgrade this file. Basic setup is to export a CA certificate from the Proxy tab > Options tab > Proxy Listeners and import it as trusted authority in your browser and set your browser to use the same host and port as Burp for proxying (127.0.0.1 and localhost is the same thing).
  9. Yeah, you'll have to deal with this message every time you start it unfortunately. Version 2.1.07 has an option to dismiss this message on subsequent runs but it exits soon after with a message saying 32-bit systems not supported on the console. Maybe it's possible to edit some resources to make Burp believe it run on Oracle's. You're fully loaded, right, intimidating interface in front you? I need to replace sunmscapi.dll with an older version that doesn't have the ncrypt.dll dependency in addition to set the java executables to 2K mode (older KernelEx version) for these Azul builds to work.
  10. Great Job! Well next run Burp on Azul if you haven't done so already and then configure Burp and your browser so they work together nicely.
  11. Looks like that auxilliary psapi is all that might be needed.
  12. Check "Test by loading KernelEx" and then click on Analyze. Copy the result and paste it here if something is found.
  13. It turns out I don't need to set anything to 2K mode for running the reference OpenJDK but only need it on the java executables (dlls will inherit the setting if they are not set for a specific mode) for the Azul and other recent builds. Use Import Patcher on jvm.dll and maybe other dlls to identify possible missing dependent functions not provided by the system dlls or KernelEx.
  14. You won't have TLS 1.3 support with Burp 1.7.36 on Java 7 if that's what you want.
  15. Last Burp version running on a 32-bit system is 2.1.04. It requires Java 8 at the minimum and runs fine on my ME system on any build/version of it I have tried, older Oracle builds as well as current Azul, Bellsoft and Red Hat ones. https://portswigger.net/Burp/Releases/Download?productId=100&version=2.1.04&type=jar Last Burp version running on Java 7 is 1.7.36 https://portswigger.net/Burp/Releases/Download?productId=100&version=1.7.36&type=jar To have TLS 1.3 support via Java you need to run Burp on Azul Zulu OpenJDK 8 Update 262 8.48.0.49 or 8.48.0.51 at the time of this writing. The Azul Zulu OpenJDK is more difficult to run than the reference implementation you've so far unsuccesfully tried. You need to identify why Java 8 doesn't start on your machine. I would use Jumper's import Patcher for that purpose.
  16. Yes I run it on ME but I don't see why you couldn't also run it on 98SE. As I expected, getting Java 8 to run is going to be the most challenging part. What's your KernelEx status? Version, extensions, etc..? Just having the latest stable Xeno build from sourceforge won't be good enough.
  17. Current Burp version doesn't run on 32-bit systems.
  18. OK then, first you need to be able to run Java 8. Try with the reference implementation here: https://download.java.net/openjdk/jdk8u41/ri/openjdk-8u41-b04-windows-i586-14_jan_2020.zip (we will need this later too for at least one file). Unpack, and set java.exe in the jre/bin directory to windows 2000 mode (you need KernelEx installed at the minimum) and then try to run an executable jar file with it (java.exe -jar yourjarfile.jar) and see what happens.
  19. In short, by using Burp Suite Community Edition as an HTTPS proxy for Opera running on Azul OpenJDK 8 Update 262.
  20. I don't see why not on 98SE and yes Burp is a local MITM proxy, Owasp Zap can be used too for the same purpose. I'll be laying out the details tomorrow in this thread: Bedtime for now.
×
×
  • Create New...