I'm using BurpSuite to intercept the HTTP/HTTPS requests sent when logging in on https://www.nike.com/. I'm trying to achieve this with the following step:
Opening BurpSuite and Firefox
Turning on the proxy intercept
Turning on FoxyProxy on Firefox
Opening the website and trying to logging
These steps usually work for me, but in this case, I'm getting a "we are unable to connect to our servers" error without anything appearing on the intercept tab when trying to logging (I have tried turning off the intercept feature but it still yields the same issue, so I think it might be a proxy and certificate problem).
To clear things up:
I'm running the latest versions of BurpSuite and FireFox.
I have installed and reinstalled the BurpSuite certificate using this guide.
I've tried all of this on my iMac, MacBook and iPhone all of these devices yield the same issue
Here bellow is the error message I'm getting:
Here are my BurpSuite Proxy setting:
(in the Certificate tab I just have Generate CA-signed per-host certificates selected)
I have been using BurpSuite for over 2 years now and it's the first time I'm facing such an issue, any help is appreciated
I have shared my question with the Portswigger support (the team behind BurpSuite) and got the following response:
Hi
Thanks for your message.
We have reproduced the issue in our testing environment.
It looks like Nike.com are performing a fairly sophisticated check to
stop automated tool from accessing parts of their site.
Please let us know if you need any further assistance.
Cheers
Liam Tai-Hogan
PortSwigger Web Security
Related
I'm facing an extremely annoying problem on Instagram that I can't find a solution for. I keep running into this problem despite working with multiple proxy providers.
When I want to access Instagram via proxy, I get the following text:
"There was a problem logging you into Instagram. Please try again
soon."
but when I leave the proxy I can easily access the same account.
I understand that this is caused by the proxy but I can't figure out why.
The proxy that worked an hour ago doesn't work an hour later, or the proxy that didn't work works strangely.
I am using a Shareless IPv4 Proxy
According to what is this happening?
How can I avoid this error?
What should I look for when buying a proxy?
What are the things you recommend?
Is it possible to overcome it?
The Interactive Borker (IB) has a setting for the proxyRemoteHost which is like this "ib.abcd.com". This config won't work unless it's changed to "X.ib.abcd.com", where X = [1-5]. We need to specify a server to make it to work. Although this looks good for DEV purpose, in product we don't wanna specify the server instead use the base URL.
The Interactive Broker team has been troubleshooting this issue for a while and not able to pin point any reason. I really appreciate if anyone can help me understand probable causes behind this issue, so I can give more input for the relevant team to fix this issue. I can't add the logs due to some sensitive information in them. In logs, we can see the SSO authentication always fails while using proxyRemoteHost setting as base URL ("api.abcd.com") but works when we specify a server ("X.api.abcd.com"). No further info in the logs that mentions any reasons behind the failure.
We have tested this on latest Chrome and Firefox with CORS enabled. Also, once in a blue moon, it works fine with the base URL which totally surprises me.
I am using Laravel and am trying to send email using Mailgun and Laravel's native Mailable class. The emails are generated as a result of submitting one of several forms. I have been developing my features for a couple of days, and have successfully been receiving emails from my local machine (using homestead) throughout this time.
I have uploaded my code to a server, tested the forms, and everything is still good. Additionally, a colleague of mine has downloaded the code and tests are still successful. So in short, 2 local homestead environments and one ubuntu server are all working as expected.
Suddenly, this functionality has stopped working in all three environments. Upon submitting any form, I get the following error message:
GuzzleHttp \ Exception \ RequestException
cURL error 60: SSL certificate problem: self signed certificate in
certificate chain (see http://curl.haxx.se/libcurl/c/libcurl-errors.html)
This has started happening without any changes being made to the code, and is happening on both the local environments and the server - all at the same time.
I have absolutely no idea what could cause this. Is this mail related and something to do with Mailgun? Is this really a certificate issue and maybe something to do with a corporate certificate that allows traffic to leave the network? I am at a loss.
Is anyone able to offer any advice?
Thanks
Well, after a good night's sleep, I returned this morning and found all my forms working again. I have no idea what the problem was, but it seems to be a problem with an external service, not my setup.
Thanks
I've been using Bitbucket for 2 years on my Macbook. Today I went to view one of my depots but I am getting the error message, Your connection is not secure. All other sites works, it's only Bitbucket.org that is giving me this error. I've tried using Safari and Firefox, neither work. I also can not connect using SourceTree. I am able to connect on my Windows computer so that rules out my router. I've deleted all expired certificates in Keychain and deleted cookies and cache. Does anyone know what the issue might be?
The Macbook's clock is set automatically and is displaying the correct time. In Firefox, when the website fails to load, I can see these 3 messages by clicking the Advance button,
bitbucket.org uses an invalid security certificate.
The certificate is only valid for search.dnsadvantage.com
Error code: SSL_ERROR_BAD_CERT_DOMAIN.
If I click on the last error, it opens another page which displays, https://bitbucket.org/ Unable to communicate securely with peer: requested domain name does not match the server's certificate. HTTP Strict Transport Security: true HTTP Public Key Pinning: false.
Is there somewhere else I need to go to locate more information about the error?
Looks like you've picked up a virus and/or malware:
http://www.fixingvirus.com/always-redirected-to-search-dnsadvantage-com-how-to-stop-it/
That link is for Windows machines so maybe check this for Macbook?:
https://www.fixyourbrowser.com/how-to/remove-adware-mac-osx-safari-chrome-firefox/
Note I don't vouch for above links but first ones that came up when I Googled for "search.dnsadvantage.com". Seems a common problem.
I am attempting to write an automation script for a process on a website using PhantomJS. I have done this same type of automation many times before, but I am having trouble with this one particular website that uses Oracle Access Manager.
When I log in with Chrome or any other desktop browser, I have no problems. However, when I try to log in with the headless browser I receive an OAM9 error which is very unspecific "for security reasons"
I have tried changing the user agent string and ignoring bad ssl certificates, I am running out of ideas and my higher ups promised this functionality to someone. Any help would be appreciated.