Re: [Burp-users] Could not find ssl_cert /etc/burp/ssl_cert-client.pem, ssl_cert-client.key, ssl_cert_ca.pem : No such file or directory

[Graham K. <gr...@gr...>]

> On 10/6/2022 10:39 PM, Graham Keeling wrote:
> > On Thu, Oct 06, 2022 at 07:26:47PM -0700, Jay Lepore wrote:
> > > Hello,
> > > 
> > > When installing from source and attempting to run *burp -a b* it fails to
> > > run the backup based on missing client SSL certs.
> > > 
> > > After reviewing your page herehttps://burp.grke.org/docs/burp_ca.html  I can
> > > indeed see some of the expected outcomes but in the end I get errors and am
> > > not clear on how to resolve this.
> > > 
> > > I have created a video to make more complete for you the problem I am
> > > facing.
> > > 
> > >   *https://www.youtube.com/watch?v=yRenXp2Wh0I
> > Hello,
> > 
> > I think the error is the SSL line that ends with:
> > SSL alert number 46, which can be seen at around 1:20 in the video as it
> > zooms out.
> > 
> > These sorts of SSL errors are quite annoying, as they are hard to figure out.
> > The error comes from the operating system's ssl libraries rather than burp
> > itself.
> > And this one is really generic:
> > "certificate_unknown: An unspecified issue took place while processing the
> > certificate that made it unacceptable."
> > 
> > Often, it is something to do with the latest distro, where they have made some
> > system-wide setting that limits the parts of ssl that can be accepted.
> > 
> > If you let me know what distro version you are using, I will make a VM and try
> > to reproduce/debug.

On Thu, Oct 06, 2022 at 11:56:43PM -0700, Jay Lepore wrote:
> Using the following distro:
> 
> PRETTY_NAME="Ubuntu 22.04.1 LTS"
> NAME="Ubuntu"
> VERSION_ID="22.04"
> VERSION="22.04.1 LTS (Jammy Jellyfish)"
> VERSION_CODENAME=jammy
> ID=ubuntu
> ID_LIKE=debian

Hello,

I installed this OS in a VM, and installed burp 2.4.0 in it from source, and I
was able to do a test backup with no issues from itself to itself.
I am not sure from your video whether the same host is the client and server,
or whether the client is on a separate host. In the past, I have seen
temporary SSL issues due to clock differences between two different hosts
because the certificate looks like it is in the future for one of them - until
time passes and the future arrives. I mitigated this in some earlier version
of burp, so I think this is unlikely. And also, the error was more obvious
when that happened.
I see in your most recent video that you were changing some of the CA settings
and now you are past the certificate problems.

Regardless, here is the procedure that I followed (after having installed
Ubuntu 22.04 and added the dependencies that burp requires to compile). Some
of the points are probably useful to you from a debugging/understanding
viewpoint:

* copy the burp source to the VM
* cd burp
* autoreconf -vif
* ./configure --prefix=/usr --sysconfdir=/etc/burp --localstatedir=/var
* make
  - there are openssl3 deprecation warnings, these are because the openssl
    developers want to remove some functions in the future
    changes in the latest burp address these warnings
* make install (as root)
* make install-configs (as root)

In a second terminal, as root:
* burp -c /etc/burp/burp-server.conf -F -o stdout=1
  - "-F" keeps it in the foreground
  - "-o stdout=1" enables extra output

In a third terminal, as root:
* burp -a b

The backup proceeds.
The client outputs plenty of information as the backup proceeds.
The server outputs less information as the backup proceeds.

More information about the specific backup is logged in the backup directory in
/var/spool/burp/testclient/(backup number)/log.gz
You can look at it, for example, with "zless log.gz".
If the backup were to fail, the log would not become gzipped, and you could
look at it, for example, with "less log".
Once the server has a backup directory to play with, it logs everything to
this log rather than stdout or syslog.

To see more live information about what's going on, there is also the burp
status client. To enable the server config for it, make sure this line is
enabled in burp-server.conf:
listen_status = 127.0.0.1:4972
You will then need to restart the server process.
Then on the client side, run:
burp -a s
And the ncurses client should connect to the server and start.
You can use the arrow keys to move around.
By default, you can only view the status of the client that is connected, but
you can give it permissions to view other clients using the
restore_client/super_client server side options.