Are you tired of wrestling with the Apache Camel https connection and Burp Suite proxy, only to be met with the frustrating SSLException: Unsupported or unrecognized SSL message? Fear not, dear developer, for we have got you covered! In this comprehensive guide, we’ll delve into the world of SSL/TLS connections, Apache Camel, and Burp Suite, providing you with a clear, step-by-step solution to overcome this pesky error.
Understanding the Basics: SSL/TLS, Apache Camel, and Burp Suite
Before we dive into the solution, it’s essential to understand the fundamentals of each component involved in this puzzle.
SSL/TLS: The Secure Connection Protocols
SSL (Secure Sockets Layer) and TLS (Transport Layer Security) are cryptographic protocols used to establish secure connections between a client and a server. These protocols ensure the confidentiality, integrity, and authenticity of the data exchanged between the parties involved.
Apache Camel: The Integration Framework
Apache Camel is a versatile open-source integration framework that enables you to integrate various systems, applications, and services using a variety of protocols, including HTTP, HTTPS, FTP, and more. Camel provides a powerful routing and mediation engine, making it an ideal choice for building enterprise-level integrations.
Burp Suite: The Web Application Security Testing Toolkit
Burp Suite is a comprehensive toolkit designed for web application security testing. It allows you to identify vulnerabilities, inspect traffic, and analyze requests and responses. Burp Suite provides a proxy service that enables you to capture and manipulate traffic between your application and the target server.
The Problem: SSLException: Unsupported or unrecognized SSL message
When you attempt to establish an HTTPS connection using Apache Camel through the Burp Suite proxy, you might encounter the following error:
javax.net.ssl.SSLException: Unsupported or unrecognized SSL message
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1083)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1353)
at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:749)
at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:123)
at org.apache.http.impl.conn.LoggingSessionOutputBuffer.flush(LoggingSessionOutputBuffer.java:95)
at org.apache.http.impl.conn.AbstractClientConnAdapter.pushRequest(AbstractClientConnAdapter.java:265)
at org.apache.http.protocol.impl.HttpRequestExecutor.execute(HttpRequestExecutor.java:125)
at org.apache.camel.component.http.HttpProducer.execute(HttpProducer.java:115)
at org.apache.camel.component.http.HttpProducer.process(HttpProducer.java:94)
at org.apache.camel.util.AsyncProcessorConverterHelper$ProcessorToAsyncProcessorBridge.process(AsyncProcessorConverterHelper.java:61)
at org.apache.camel.processor.SendProcessor.process(SendProcessor.java:139)
...
This error occurs when the Burp Suite proxy is unable to handle the SSL/TLS connection negotiation, resulting in a malformed or incomplete handshake.
The Solution: Configuring Apache Camel, Burp Suite, and SSL/TLS
Now that we’ve explored the basics and identified the problem, let’s dive into the step-by-step solution to overcome the SSLException.
Step 1: Configure Burp Suite Proxy
Open Burp Suite and navigate to the Proxy tab. Enable the proxy server and set the listener to a suitable port (e.g., 8080). Make sure to configure the proxy to intercept HTTPS traffic.
| Proxy Server | Listener | Intercept HTTPS |
|---|---|---|
| Enabled | 8080 | Yes |
Step 2: Generate Burp Suite SSL Certificate
In Burp Suite, navigate to the Proxy tab and click on the “Generate CA certificate” button. This will generate a Burp Suite SSL certificate, which we’ll use to establish a trusted connection.
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1599139433 (0x5f5c71a5)
Signature Algorithm: sha256WithRSAEncryption
Issuer:
countryName = GB
organizationName = PortSwigger Ltd.
organizationalUnitName = Burp Suite
commonName = Burp Suite CA
Validity:
Not Before: Sep 11 14:10:33 2020 GMT
Not After : Sep 10 14:10:33 2023 GMT
Subject:
countryName = GB
organizationName = PortSwigger Ltd.
organizationalUnitName = Burp Suite
commonName = Burp Suite CA
Step 3: Configure Apache Camel to Use Burp Suite Proxy
In your Apache Camel application, configure the HTTP component to use the Burp Suite proxy.
<camel:camelContext xmlns="http://camel.apache.org/schema/spring">
<camel:proxy />
<camel:route id="myRoute">
<camel:from uri="direct:start"/>
<camel:setHeader headerName="CamelHttpProxyHost">
<camel:constant>localhost</camel:constant>
</camel:setHeader>
<camel:setHeader headerName="CamelHttpProxyPort">
<camel:constant>8080</camel:constant>
</camel:setHeader>
<camel:to uri="https://example.com"/>
</camel:route>
</camel:camelContext>
Step 4: Import Burp Suite SSL Certificate into Java Keystore
Import the Burp Suite SSL certificate into your Java keystore using the following command:
keytool -importcert -alias burpsuite -file burpsuite.crt -keystore mykeystore.jks
Replace `burpsuite.crt` with the path to the Burp Suite SSL certificate file and `mykeystore.jks` with the path to your Java keystore file.
Step 5: Configure Apache Camel to Trust Burp Suite SSL Certificate
In your Apache Camel application, configure the HTTP component to trust the Burp Suite SSL certificate.
<camel:camelContext xmlns="http://camel.apache.org/schema/spring">
<camel:proxy />
<camel:route id="myRoute">
<camel:from uri="direct:start"/>
<camel:setProperty propertyName="https.protocol" value="TLSv1.2"/>
<camel:setProperty propertyName="https.truststore" value="mykeystore.jks"/>
<camel:setProperty propertyName="https.truststore.password" value="changeit"/>
<camel:to uri="https://example.com"/>
</camel:route>
</camel:camelContext>
Replace `mykeystore.jks` with the path to your Java keystore file and `changeit` with the password for your keystore.
Conclusion
By following these steps, you should be able to successfully establish an HTTPS connection using Apache Camel through the Burp Suite proxy, bypassing the SSLException: Unsupported or unrecognized SSL message error. Remember to adjust the configuration according to your specific requirements and environment.
Now, go forth and conquer the world of SSL/TLS connections, Apache Camel, and Burp Suite!
Frequently Asked Question
Get answers to the most common issues with Apache Camel HTTPS connection through Burp Suite proxy.
Why do I get an SSLException when using Apache Camel with Burp Suite proxy?
This error occurs when Burp Suite proxy is not configured to allow the SSL/TLS connection from Apache Camel. Make sure to configure Burp Suite to use a trusted certificate and enable SSL/TLS support.
How do I configure Burp Suite to allow SSL/TLS connections from Apache Camel?
To configure Burp Suite, go to the Proxy -> Options -> SSL/TLS section and select the “Use a custom SSL certificate” option. Then, import the certificate and private key into Burp Suite. Also, make sure to configure Apache Camel to trust the Burp Suite certificate.
What is the importance of trusting the Burp Suite certificate in Apache Camel?
Trusting the Burp Suite certificate in Apache Camel is crucial to establish a secure connection between Apache Camel and Burp Suite proxy. If the certificate is not trusted, Apache Camel will not be able to establish a secure connection, resulting in the SSLException.
How do I enable debug logging in Apache Camel to troubleshoot the SSLException?
To enable debug logging in Apache Camel, set the logging level to DEBUG for the org.apache.camel.component.http and org.apache.http packages. This will provide more detailed logs to help you troubleshoot the SSLException.
What are some common causes of SSLException in Apache Camel with Burp Suite proxy?
Common causes of SSLException in Apache Camel with Burp Suite proxy include misconfigured certificates, incorrect truststore configurations, and unsupported SSL/TLS versions. Verify that the certificates are correctly configured and trusted, and that the SSL/TLS versions are compatible between Apache Camel and Burp Suite proxy.
