How can I use BurpSuite proxy with HTTPS in Chrome?

BurpSuite can only intercept HTTP traffic. How can I also intercept HTTPS traffic on Ubuntu? I need to install the CA but how?

Silver asked Dec 05 '15 12:12



2 Answers

Obtaining the certificate:

  • When Chrome is configured to use Burp as a proxy, go to http://burp/cert and the DER-encoded certificate will be downloaded automatically.
  • Download the certificate in BurpSuite under the Proxy->Options tab under Import / export CA certificate. Export the certificate in DER format.

Install the certificate:

  • Either by double clicking on it in your file browser (Nautilus in my case) or by importing it into Chrome.
    1. Another way of installing it is by importing directly into Chrome. Go to settings->Show advanced settings... (at the bottom)->HTTPS/SSL:Manage certificates->Authorities(tab)->Import
    2. In the file selector you must set the file filter to 'DER-encoded binary..' or 'all files' to make your certificate file visible. The default file selector setting is base-64 encoded ASCII and our file is DER encoded.

Now, for the step I was missing in other explanations: in the Chrome certificate manager, in the tab Authorities (where you just imported the certificate), find the newly imported certificate.

Notice the "Untrusted". In my case this meant that I still got the SSL warnings and the red padlock. Click on "untrusted PortSwigger CA" and click Edit...

Check "Trust this certificate for identifying websites." and click "OK". In my case the text "untrusted" didn't disappear directly but after restarting Chrome, the PortSwigger CA was trusted and SSL proxying works.

If this is a duplicate please tell me, but I haven't found a similar explanation.

Silver answered Oct 01 '22 14:10
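The Ubuntu steps from the answer above, done from a terminal (an added example, not part of the original answer). It assumes `certutil` from the `libnss3-tools` package and `openssl` are installed and that Chrome reads the per-user NSS database at `~/.pki/nssdb`; the nickname and the script name are constructed.

```shell
#!/bin/sh
# Added example: command-line form of the Chrome-on-Ubuntu import steps.
# Assumptions: certutil (libnss3-tools) and openssl are installed; Chrome
# uses the per-user NSS database below; NICK is a constructed label.
NSSDB="sql:$HOME/.pki/nssdb"
NICK="PortSwigger CA (Burp testing)"

# Report whether a file is DER (binary, first byte 0x30 = ASN.1 SEQUENCE)
# or PEM (base-64 ASCII); this is the file-filter distinction in the answer.
cert_encoding() {
    if head -c 27 "$1" | grep -q -e '-----BEGIN CERTIFICATE-----'; then
        echo pem
    elif [ "$(head -c 1 "$1" | od -An -tx1 | tr -d ' \n')" = "30" ]; then
        echo der
    else
        echo unknown
    fi
}

# Show subject and SHA-256 fingerprint so you can confirm what you trust.
show_cert() {
    openssl x509 -inform "$(cert_encoding "$1")" -in "$1" \
        -noout -subject -fingerprint -sha256
}

# Import as a CA trusted for identifying websites ("C,,"), the same
# setting as the "Trust this certificate for identifying websites" box.
import_burp_ca() {
    case "$(cert_encoding "$1")" in
        der) certutil -d "$NSSDB" -A -t "C,," -n "$NICK" -i "$1" ;;
        pem) certutil -d "$NSSDB" -A -a -t "C,," -n "$NICK" -i "$1" ;;
        *)   echo "not a DER or PEM certificate: $1" >&2; return 1 ;;
    esac
}

# Remove the CA again when testing is finished.
remove_burp_ca() {
    certutil -d "$NSSDB" -D -n "$NICK"
}

case "${1:-}" in
    import) show_cert "$2" && import_burp_ca "$2" && certutil -d "$NSSDB" -L ;;
    remove) remove_burp_ca ;;
esac
```

Run it as `sh burp-ca.sh import cacert.der`, then restart Chrome as the answer describes; `sh burp-ca.sh remove` deletes the entry again.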


For Mac: Configuring BurpSuite Proxy with HTTPS and fixing the "Your connection is not private" message

1. Configure Chrome to use Burp as a Proxy

You can view detailed instructions for this step here: https://support.portswigger.net/customer/portal/articles/1783070-configuring-safari-to-work-with-burp

Make sure you hit OK and Apply

2. Download and Install the Burp Certificate

http://burp/cert

You need to have the proxy enabled to do this. Once it's downloaded, double click on it to install it. Save to login keychain.

3. Modify certificate permissions

Open Keychain Access and search for "portswigger" to find the certificate. Right click and hit "Get Info".

Select "Always Trust".

The red "Your connection is not private" message should be gone now.

joshuakcockrell answered Oct 01 '22 14:10