better SSL support with BURP
26 views
Skip to first unread message
Jeroen
Oct 14, 2010, 7:51:49 AM10/14/10
to APJP
download APJP-0.7.0
download BURP 1.3.0.3 (free edition) or better: http://portswigger.net/proxy/
unzip burpsuite_v1.3.03.zip
start BURP
- click PROXY
- click INTERCEPT
- set INTERCEPT IS ON to INTERCEPT IS OFF
- click OPTIONS
- scroll to UPSTREAM PROXY SERVER
- set DESTINATION HOST to *
- set PROXY HOST to 127.0.0.1
- set PROXY PORT to 10443
- click ADD
start APJP
start FIREFOX
- click TOOLS
- click OPTIONS...
- click ADVANCED
- click NETWORK
- click SETTINGS...
- check MANUAL PROXY CONFIGURATION
- set HTTP PROXY to 127.0.0.1 and PORT to 10080
- set SSL PROXY to 127.0.0.1 and PORT to 8080
- click OK
- browse to https://www.google.com, you will see THIS CONNECTION IS
UNTRUSTED
- click I UNDERSTAND THE RISKS
- click ADD EXCEPTION...
- click GET CERTIFICATE
- click VIEW...
- click DETAILS
- select PORTSWIGGER CA
- click EXPORT...
- set FILE NAME to PORTSWIGGERCA
- set SAVE AS TYPE to X.509.CERTIFICATE (PEM)
- click SAVE
- click CLOSE
- click CANCEL
- click TOOLS
- click OPTIONS...
- click ADVANCED
- click ENCRYPTION
- click VIEW CERTIFICATES
- click AUTHORITIES
- click IMPORT...
- set FILE NAME to PORTSWIGGERCA
- set FILES OF TYPE to CERTIFICATES
- click OPEN
- check TRUST THIS CA TO IDENTIFY
WEBSITES
- click OK
- click OK
- click OK
- browse to https://www.google.com
:)
download BURP 1.3.0.3 (free edition) or better: http://portswigger.net/proxy/
unzip burpsuite_v1.3.03.zip
start BURP
- click PROXY
- click INTERCEPT
- set INTERCEPT IS ON to INTERCEPT IS OFF
- click OPTIONS
- scroll to UPSTREAM PROXY SERVER
- set DESTINATION HOST to *
- set PROXY HOST to 127.0.0.1
- set PROXY PORT to 10443
- click ADD
start APJP
start FIREFOX
- click TOOLS
- click OPTIONS...
- click ADVANCED
- click NETWORK
- click SETTINGS...
- check MANUAL PROXY CONFIGURATION
- set HTTP PROXY to 127.0.0.1 and PORT to 10080
- set SSL PROXY to 127.0.0.1 and PORT to 8080
- click OK
- browse to https://www.google.com, you will see THIS CONNECTION IS
UNTRUSTED
- click I UNDERSTAND THE RISKS
- click ADD EXCEPTION...
- click GET CERTIFICATE
- click VIEW...
- click DETAILS
- select PORTSWIGGER CA
- click EXPORT...
- set FILE NAME to PORTSWIGGERCA
- set SAVE AS TYPE to X.509.CERTIFICATE (PEM)
- click SAVE
- click CLOSE
- click CANCEL
- click TOOLS
- click OPTIONS...
- click ADVANCED
- click ENCRYPTION
- click VIEW CERTIFICATES
- click AUTHORITIES
- click IMPORT...
- set FILE NAME to PORTSWIGGERCA
- set FILES OF TYPE to CERTIFICATES
- click OPEN
- check TRUST THIS CA TO IDENTIFY
WEBSITES
- click OK
- click OK
- click OK
- browse to https://www.google.com
:)
Reply all
Reply to author
Forward
0 new messages