javax.net.ssl.SSLPeerUnverifiedException when proxying SoapUI through Burp

Ever try to proxy SoapUI through Burp when accessing an endpoint over ssl and get this error?

SSL Error in SOAPUI

Here’s how to fix-

First, in your SoapUI script(s), change the protocol of all of the endpoints from https to http.

Then go to the Proxy Listeners section in Burp and edit your current proxy.
Proxy Listeners Settings in Burp

Then go to the Request Handling Settings and select Force use of SSL
Request Handling Settings in Burp

This basically achieves several things.  It removes the untrusted cert error that SoapUI gives because the Burp SSL proxy cert doesn’t match the endpoint, isn’t a trusted cert, or isn’t in the Java keystore. It also allows you to view all of the traffic in Burp easily. Just remember that the Force use of SSL setting in Burp for the proxy forces all traffic through through the proxy to go over ssl, so be sure to change it back when finished.

This entry was posted in Security. Bookmark the permalink.