Saturday, June 01, 2019

security/burpsuite MODJAVA_VER

Burp Suite Community Edition needs jdk 1.8 to run properly. Using it
with jdk 11 will show this message on startup:

WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by burp.uie (file:/usr/local/share/java/classes/burpsuite.jar) to field javax.crypto.JceSecurity.isRestricted
WARNING: Please consider reporting this to the maintainers of burp.uie
WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
WARNING: All illegal access operations will be denied in a future release
Your JRE appears to be version 11.0.3 from Oracle Corporation
Burp has not been fully tested on this platform and you may experience problems.

In addition, attempting to intercept HTTPS will make the browser show an
error code SSL_ERROR_RX_RECORD_TOO_LONG (I tested with Firefox).
According to [1], this is due to using the free edition of Burp Suite
with jdk 11.

The diff below fixes this by setting MODJAVA_VER to 1.8, which resolves
both issues. While here, I have also:

* Used sthen@'s XXX message about checking if future updates will work
with jdk 11
* Changed the HOMEPAGE to https
* Switched to the new PERMIT_* markers

ok?

1. https://support.portswigger.net/customer/portal/questions/17434431-gettin-error-code-ssl-error-rx-record-too-long



Index: Makefile
===================================================================
RCS file: /cvs/ports/security/burpsuite/Makefile,v
retrieving revision 1.26
diff -u -p -r1.26 Makefile
--- Makefile 24 Mar 2019 22:24:14 -0000 1.26
+++ Makefile 2 Jun 2019 03:04:52 -0000
@@ -5,16 +5,16 @@ COMMENT = tool for testing security of
VERSION = 1.7.36
DISTNAME = burpsuite_free_v${VERSION}
PKGNAME = burpsuite-${VERSION}
+REVISION = 0

DISTFILES=${DISTNAME}${EXTRACT_SUFX}{Download?productId=100\&version=${VERSION}\&type=Jar}

CATEGORIES = security

-HOMEPAGE = http://portswigger.net/burp/
+HOMEPAGE = https://portswigger.net/burp/

-PERMIT_PACKAGE_CDROM= https://portswigger.net/burp/eula-free.html
-PERMIT_PACKAGE_FTP= https://portswigger.net/burp/eula-free.html
-PERMIT_DISTFILES_FTP= https://portswigger.net/burp/eula-free.html
+PERMIT_PACKAGE = https://portswigger.net/burp/eula-free.html
+PERMIT_DISTFILES = https://portswigger.net/burp/eula-free.html

MASTER_SITES = https://portswigger.net/Burp/Releases/

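Review bot: The REVISION = 0 bump under PKGNAME is not mentioned in the message, which lists only the HOMEPAGE and PERMIT_* changes. It is the right call, since changing MODJAVA_VER alters the package's Java run dependency, but say so in the commit message so the bump is not mistaken for a stray edit. The PERMIT_PACKAGE and PERMIT_DISTFILES lines keep the EULA URL as the reason string, so the redistribution restriction carries over unchanged from the three old markers.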
@@ -22,7 +22,8 @@ EXTRACT_ONLY =
EXTRACT_SUFX = .jar

MODULES = java
-MODJAVA_VER = 1.8+
+# XXX if updating, please check if it works with jdk 11 and switch to "1.8+" if ok
+MODJAVA_VER = 1.8
MODJAVA_JRERUN = yes

RUN_DEPENDS = java/javaPathHelper
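Review bot: The XXX comment above MODJAVA_VER says to check whether an update "works with jdk 11", but it does not say what to test. Per the message, Burp does start under jdk 11 and only fails later, when intercepting HTTPS (SSL_ERROR_RX_RECORD_TOO_LONG in the browser), so a quick launch test would wrongly pass. Suggest naming the HTTPS interception check in the comment. The comment line also runs past 80 columns and should be wrapped onto two lines.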
