Pablo Estigarribia edited this page Jul 16, 2019 · 8 revisions

Troubleshooting certificates issues

It is good to carefully read the official documentation and understand how the certificate process works.

http://burp.grke.org/docs/burp_ca.html

1) The server doesn't generate the certificates required in the CA folder.

If for some reason you have manually created the /etc/burp/CA directory, remove it:

    rm -r /etc/burp/CA 

Generate new CA certs for the server:

    # Stop server
    service burp-server stop 
    # Generate new cert and exit
    burp -g -c /etc/burp/burp-server.conf -F
    # Start server ...

Explanation:

When the server starts, it reads the ca_conf file and takes the CA_DIR value from it. If the CA_DIR directory already exists, the automatic CA setup finishes here, so a manually created directory prevents the certificates from being generated.
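A read-only check for this condition, as an added example that is not part of the original page or the BURP project: it follows ca_conf to CA_DIR and reports whether the directory is absent, empty or populated, then lists ssl_cert/ssl_key targets that do not resolve. It assumes the ca_conf file holds a line of the form `CA_DIR = /path`; the function names are hypothetical.

```shell
# Added example, not BURP project code: classify the CA_DIR state that decides
# whether the automatic CA setup is skipped, and list dangling ssl targets.

# conf_value FILE KEY: print the last "KEY = value" in FILE (comments ignored).
conf_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*\$/\1/p" "$1" | tail -n 1
}

# ca_dir_state SERVER_CONF: follow ca_conf to CA_DIR (assumed "CA_DIR = /path")
# and print absent, empty (created by hand, as in item 1) or populated.
# Returns 2 if ca_conf or CA_DIR cannot be read.
ca_dir_state() {
    ca_conf=$(conf_value "$1" ca_conf)
    [ -n "$ca_conf" ] && [ -r "$ca_conf" ] || { echo "unreadable ca_conf" >&2; return 2; }
    ca_dir=$(conf_value "$ca_conf" CA_DIR)
    [ -n "$ca_dir" ] || { echo "no CA_DIR in $ca_conf" >&2; return 2; }
    if [ ! -d "$ca_dir" ]; then
        echo absent
    elif [ -z "$(ls -A "$ca_dir")" ]; then
        echo empty
    else
        echo populated
    fi
}

# dangling_ssl SERVER_CONF: print ssl_cert/ssl_key settings whose target is
# missing; [ -e ] follows symlinks, so a link into an empty CA dir is caught.
dangling_ssl() {
    for key in ssl_cert ssl_key; do
        target=$(conf_value "$1" "$key")
        [ -z "$target" ] || [ -e "$target" ] || echo "$key $target"
    done
}

# write_ca_sample DIR: constructed server config whose CA dir was made by hand.
write_ca_sample() {
    mkdir "$1/CA"
    printf 'CA_DIR = %s/CA\n' "$1" > "$1/CA.cnf"
    printf '%s\n' "ca_conf = $1/CA.cnf" "ssl_cert = $1/ssl_cert-server.pem" \
        "ssl_key = $1/ssl_cert-server.key" > "$1/burp-server.conf"
    ln -s "$1/CA/burpserver.crt" "$1/ssl_cert-server.pem"
}

tmp=$(mktemp -d)
write_ca_sample "$tmp"
ca_dir_state "$tmp/burp-server.conf"
dangling_ssl "$tmp/burp-server.conf"
rm -rf "$tmp"
```

On a real server, point both functions at /etc/burp/burp-server.conf before deciding whether to remove the directory.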

2) The monitor client doesn't see more than one client (itself)

The client used to monitor all clients is normally configured in /etc/burp/burp.conf or in /etc/burp/monitor.conf.

Add this client as a restore_client in burp-server.conf, for example:

    restore_client monitor

where 'monitor' is the name of the client defined in monitor.conf, for example (the line name = monitor).

3) Client certs could not be signed, got error similar to "No such file or directory"

Error similar to:

    ~  burp -a m
    { "logline": "Could not find ssl_cert /etc/burp/ssl_cert-burp-ui.pem: No such file or directory" }
    { "logline": "Could not find ssl_key /etc/burp/ssl_cert-burp-ui.key: No such file or directory" }
    { "logline": "Could not find ssl_cert_ca /etc/burp/ssl_cert_caèburp-ui.pem: No such file or directory" }
    { "logline": "auth ok" }
    { "logline": "Server version: 2.0.52" }
    { "logline": "Server will sign a certificate request" }
    { "logline": "Generating SSL key and certificate signing request" }
    { "logline": "Running '/usr/sbin/burp_ca --key --keypath /etc/burp/ssl_cert-burp-ui.key --request --requestpath /etc/burp/CA-client/burp-ui.csr --name burp-ui'" }
    generating key burp-ui: /etc/burp/ssl_cert-burp-ui.key
    Generating RSA private key, 2048 bit long modulus
    ........+++
    ..+++
    e is 65537 (0x10001)
    generating request burp-ui
    /etc/burp/CA-client/burp-ui.csr: No such file or directory
    3070026960:error:02001002:system library:fopen:No such file or directory:bss_file.c:398:fopen('/etc/burp/CA-client/burp-ui.csr','w')
    3070026960:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:400:
    { "logline": "/usr/sbin/burp_ca returned: 0" }
    { "logline": "could not open /etc/burp/CA-client/burp-ui.csr: No such file or directory" }
    { "logline": "Error with cert signing request" }

People sometimes confuse the usage of the ssl files. If some of these files are the same for a client and a server running on the same system, the server or the client could overwrite them.

It is better to use different ssl files. In burp-server.conf (good file):

    # SSL certificate authority - different file on both server and client
    ssl_cert_ca = /etc/burp/ssl_cert_ca.pem

    # Server SSL certificate
    ssl_cert = /etc/burp/ssl_cert-server.pem

    # Server SSL key
    ssl_key = /etc/burp/ssl_cert-server.key

On the client, e.g. burp.conf (good file):

    name = burp-ui
    # SSL certificate authority - different file on both server and client
    ssl_cert_ca = /etc/burp/ssl_cert_ca-burp-ui.pem
    # Client SSL certificate
    ssl_cert = /etc/burp/ssl_cert-burp-ui.pem
    # Client SSL key
    ssl_key = /etc/burp/ssl_cert-burp-ui.key
    # SSL key password
    ssl_key_password = password
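To check an existing host for the overlap described above, the following added example (not from the original page or the BURP project) compares every ssl_cert_ca, ssl_cert and ssl_key path in a server config against those in a client config and reports any shared path. The function names and the sample configs are constructed for illustration.

```shell
# Added example, not BURP project code: list ssl_* settings that point at the
# same path in a server config and a client config kept on one host.

# conf_value FILE KEY: print the last "KEY = value" in FILE (comments ignored).
conf_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*\$/\1/p" "$1" | tail -n 1
}

# ssl_collisions SERVER_CONF CLIENT_CONF: compare every server ssl path with
# every client ssl path; print each shared one and return 1 if any was found.
ssl_collisions() {
    found=0
    for skey in ssl_cert_ca ssl_cert ssl_key; do
        spath=$(conf_value "$1" "$skey")
        [ -n "$spath" ] || continue
        for ckey in ssl_cert_ca ssl_cert ssl_key; do
            cpath=$(conf_value "$2" "$ckey")
            if [ "$spath" = "$cpath" ]; then
                echo "SHARED server:$skey client:$ckey $spath"
                found=1
            fi
        done
    done
    return "$found"
}

# write_samples DIR: constructed configs; client_bad.conf reuses the server's
# CA file, client_good.conf follows the per-client naming shown on this page.
write_samples() {
    printf '%s\n' '# server' 'ssl_cert_ca = /etc/burp/ssl_cert_ca.pem' \
        'ssl_cert = /etc/burp/ssl_cert-server.pem' \
        'ssl_key = /etc/burp/ssl_cert-server.key' > "$1/burp-server.conf"
    printf '%s\n' 'name = burp-ui' 'ssl_cert_ca = /etc/burp/ssl_cert_ca.pem' \
        'ssl_cert = /etc/burp/ssl_cert-burp-ui.pem' \
        'ssl_key = /etc/burp/ssl_cert-burp-ui.key' > "$1/client_bad.conf"
    sed 's#ssl_cert_ca\.pem#ssl_cert_ca-burp-ui.pem#' "$1/client_bad.conf" \
        > "$1/client_good.conf"
}

tmp=$(mktemp -d)
write_samples "$tmp"
ssl_collisions "$tmp/burp-server.conf" "$tmp/client_bad.conf" || true
ssl_collisions "$tmp/burp-server.conf" "$tmp/client_good.conf" && echo "no shared ssl files"
rm -rf "$tmp"
```

The comparison is on the configured path strings only; two different names that are symlinks to the same file are not detected.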

You can confirm whether those files were really overwritten by checking for different dates on those files on the server, e.g.:

    -rw-r--r-- 1 root root 1131 janv.  1  1970 ssl_cert_ca.pem
    lrwxrwxrwx 1 root root   27 déc.   8 23:05 ssl_cert-server.key -> /etc/burp/CA/burpserver.key
    lrwxrwxrwx 1 root root   27 déc.   8 23:05 ssl_cert-server.pem -> /etc/burp/CA/burpserver.crt

A possible conclusion is that the server CA is broken and needs to be repaired.

Try deleting these files (back up all of /etc/burp first):

    rm /etc/burp/ssl_cert-server.pem /etc/burp/CA/burpserver.crt /etc/burp/ssl_cert_ca.pem

    rm -r /etc/burp/CA 

Generate a new cert for the server:

    # Stop server
    service burp-server stop 
    # Generate new cert and exit
    burp -g -c /etc/burp/burp-server.conf -F
    # Start server ...

You will need to remove the certificate files on the other clients too, so that they request new certificates from the server.

More details are explained at:

https://github.com/grke/burp/issues/519#issuecomment-266063355

4) Client certs not valid after reinstalling the client

When you reinstall a client, the certs from the previous signing are still on the burp server, but the new installation has no certs, so the server doesn't validate the certs.

One solution is to clean the old client certs on burp server:

    sudo rm /etc/burp/CA/clientname.c*

Another solution is to get old client certs from backup, see Recreation of burp client...

Troubleshooting stuck finishing state

You could receive an email with this message:

    error in check_for_rubble()

And see this in the client log:

    main socket: unexpected command in asfd_simple_loop(), called from maybe_check_timer(): e:0041:Now finalising previous backup of client. Please try again later.

  • Warning: before starting with these steps, it is recommended to stop all burp processes on the server and fsck your filesystem.

Then on the server you see this:

    # My storage directory is in /storage/burp/data
    root@servername# cd /storage/burp/data/clientname

    # See the folders and files
    /storage/burp/data/clientname# ls
    0000526 2019-06-11 08:43:05 -0300  0000540 2019-06-29 11:03:08 -0300  0000543 2019-07-09 09:23:05 -0300  0000546 2019-07-12 09:43:09 -0300
    0000533 2019-06-20 08:23:19 -0300  0000541 2019-06-30 16:43:07 -0300  0000544 2019-07-10 10:23:06 -0300  current
    0000539 2019-06-28 08:23:10 -0300  0000542 2019-07-08 09:43:32 -0300  0000545 2019-07-11 10:23:07 -0300  finishing

    # See that you have a stuck finishing link:
    root@servername:/storage/burp/data/clientname# file finishing
    finishing: symbolic link to 0000546 2019-07-12 09:43:09 -0300

    # See there is no burp process
    root@servername:/storage/burp/data/clientname# lsof | grep clientname
    bash      31378             root  cwd       DIR              252,0     4096  5637217412 /storage/burp/data/clientname
    lsof      31417             root  cwd       DIR              252,0     4096  5637217412 /storage/burp/data/clientname
    grep      31418             root  cwd       DIR              252,0     4096  5637217412 /storage/burp/data/clientname
    lsof      31419             root  cwd       DIR              252,0     4096  5637217412 /storage/burp/data/clientname

    # See log on server:

    tail finishing/log
    --- omitted lines ---
    Problem with prior backup. Please check the client log on the server.2019-07-16 09:23:06 -0300: burp[790] MESSAGE: Running notify script

    # Delete them:
    # Delete also 0000545 in this case due to the fact it is not part of the latest backup
    root@servername:/storage/burp/data/clientname# rm -rf finishing
    root@servername:/storage/burp/data/clientname# rm -rf 0000546\ 2019-07-12\ 09\:43\:09\ -0300/
    root@servername:/storage/burp/data/clientname# rm -rf 0000545\ 2019-07-11\ 10\:23\:07\ -0300/

If this doesn't work, there is probably some other error with the filesystem, and you may need to delete all your backups and start again. This is not common at all; it only happened in my case with a server that uses a disk over iSCSI to connect to a NAS, and the NAS had a power outage during operation, so we had this corrupt client.

Troubleshooting Windows clients

Windows has some specific components like VSS, and the task scheduler is known to have its own problems, so we dedicate a separate wiki page to them:

Windows clients Troubleshooting