Handshake Alert Unrecognized_name Burp Suite

SoapUI Pro, LoadUI Pro, ServiceV Pro: New Names, One Brand ReadyAPI.

This is the first time I had to deal with this error in Burp and I was trying to figure out what was the problem. It seems there is a problem with Java which causes Burp to fail when accessing some specific websites. This is the screen you get when this particular error occurs.
Figure 1 - Burp Error handshake alert: unrecognized_name

If you ever stumble upon this problem the solution is easy once you know what to do. As a start, make sure you have the latest version of Java installed.

Thanks @matthewrudy. @astjohn We found that 2 of our servers were very busy last week that causing invalid SSL connection. We have setup few more servers for temporarily solving this issue and is now double checking the servers to see if anything strange there. @hoss, it looks like the certificate of the server was issued by an entity that is not present in the trust store used by OpenSSL, and also possibly not present in the trust store used by your server (the client), when it connects to the server. In that case, you'll need to import the certificate of the CA that issued the certificate (and not the server) into your client's (OpenSSL/your server.

After posting this on Twitter, Burp Suite (@Burp_Suite) responded with the following tweet. Well done Burp Suite!

Handshake Alert Unrecognized_name Burp Suite Download

Handshake alert unrecognized_name burp suite -Handshake Alert Unrecognized_name Burp Suite
Figure 2 - Burp Suite response to the issue

Technically, one of the ways to solve the problem is by going to the Options tab in Burp, scroll down to SSL Negotiation Workarounds and tick the box 'Allow unsafe renegotiation (required for some client certificates)'.
2017
On the other hand, I tend to use a .bat file for running Burp. This allows me to be flexible when I want to specify any additional parameters and in this case it came handy.

@echo offSuite

Received Handshake Warning Unrecognized_name Burp Suite

java -jar C:burpsuiteburpsuite_free_v1.6.01.jar
In order to fix the error, either user a .bat file like I have or start Burp with the following command Java command:

@echo off
java -Djsse.enableSNIExtension=False -jar C:burpsuiteburpsuite_free_v1.6.01.jar
This should address the problem and Burp will start working as it should. On a side note, if Firefox is the browser you prefer to use with Burp, you will notice that after the latest update there is a problem with the certificates. To solve this problem you will have to visit the page http://Burp while you are connected to the Burp proxy. Burp will respond with the following page:
Figure 3 - Downloading the Burp CA Certificate


Click the CA Certificate link, and save the Burp Certificate on your system. Then go to Firefox > Options and select Advanced.

Figure 4 - Importing the Burp CA Certification into Firefox


Click on View Certificates and import your Burp Certificate. Refresh your Firefox page and any certificate issue should go away.

Approx a year back, Mozilla added a new feature “Captive Portal” support to Firefox browser in an attempt to enhance usability when connecting to free Wi-Fi portals.

Captive Portal feature covers the detection and implementation of handles for captive portals inside Firefox browser. Firefox is expected to handle the handling of a captive portal page upon detection of such. Certain business logic related to the detection and management of a captive portal is expected to be in place and documented in the Specs section.

Also Read: [Solution] SSL Handshake Alert Error – Burp Suite

This feature is really annoying when it comes to using Burp Suite as a proxy for Firefox. Instagram. Because if you are a pentester, you are probably used using Firefox for traffic interception through Burp Intercept but along with normal requests, you may seen a lot of GET requests of /success.txt as shown below:

Handshake Alert Unrecognized_name Burp Suite 2017

Unrecognized_name

Seeing all those requests in Burp, much less thinking about all the noise they generate otherwise, is annoying. Because you probably won’t ever need to use a Captive Portal on your pentesting machine.

Open your Mozilla Firefox browser, and type “about:config” and click on “I accept the risk!” as shown in below screen.

Search “captive-portal” in the search bar and you’ll see some entries related to captive portal named as “network.captive-portal-service.enabled” whose default value is false and you just need to double click on the following entry to set it true.