如何使用burp套件代理HTTPS流量？

Question

I have a website which is available at: https://abs:8443/myweb I use burp suite as a local proxy:

proxyIP = "127.0.0.1"
proxyPort = 8080

Then I tried to proxy the https trafic via burp to the https website but it failed. Here is what I tried:

import sys
import socket
import ssl
import os

url = "https://abs:8443/myweb"
proxyIP = "127.0.0.1"
proxyPort = 8080
targetIP = "abs"
context = ssl.SSLContext(ssl.PROTOCOL_TLSv1)
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s_sock = context.wrap_socket(sock, server_hostname=targetIP)
s_sock.connect((proxyIP, proxyPort))

data = "some data"

payload = (
    "POST "+url+" HTTP/1.1\r\n"
    "Host: "+targetIP+":8443\r\n"
    "User-Agent: Mozilla/5.0 (X11; Linux i686; rv:52.0) Gecko/20100101 Firefox/52.0\r\n"
    "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\n"
    "Accept-Language: en-US,en;q=0.5\r\n"
    "Accept-Encoding: gzip, deflate\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    "Content-Length: "+str(len(data))+"\r\n"
    "\r\n" + data + "\r\n"
)

sock.sendall(payload)
recv = sock.recv(64000)
sock.close()
print recv

How to proxy HTTPS traffic with burp suite?

Answer 1

You will need a normal listener, such as 127.0.0.1:8080 - Then you will have to install the burp CA certificate in order for the proxy listener to be able to negotiate SSL connections.

PortSwigger have written documentation for this:

• https://portswigger.net/burp/documentation/desktop/tools/proxy/options/installing-ca-certificate
• https://support.portswigger.net/customer/portal/articles/1783075-installing-burp-s-ca-certificate-in-your-browser