Burp Suite抓HTTPS数据包
测试环境[+] JDK1.8.0_40[+] Burp Suite 1.6.17
下载地址:
[+]JDK
[+] Burp Suite 1.6.17
一、burp介绍请自行参阅https://portswigger.net/burp/这里不过多介绍二、burp拦截HTTPS包的使用方法【以IE为例】1、配置浏览器代理(目前支持:IE、Firefox、Chrome、Safari、IPhone、Android)拿IE为例:工具——Internet选项——连接(局域网设置)——代理服务器https://img-blog.csdn.net/20150823121124802?watermark/2/text/aHR0cDovL2Jsb2cuY3Nkbi5uZXQv/font/5a6L5L2T/fontsize/400/fill/I0JBQkFCMA==/dissolve/70/gravity/SouthEast
二、配置HTTPS抓包方法【以Firefox为例】通常情况下burp默认只抓HTTP的包,HTTPS因为含有证书,因而无法正常抓取,抓HTTPS数据包就需要设置可信证书。官方配置方法:https://portswigger.net/burp/help/proxy_options_installingCAcert.html我的配置方法第一步、访问http://burp,下载burp的内置证书https://img-blog.csdn.net/20150823121522275?watermark/2/text/aHR0cDovL2Jsb2cuY3Nkbi5uZXQv/font/5a6L5L2T/fontsize/400/fill/I0JBQkFCMA==/dissolve/70/gravity/SouthEast
保存证书到本地https://img-blog.csdn.net/20150823121601964?watermark/2/text/aHR0cDovL2Jsb2cuY3Nkbi5uZXQv/font/5a6L5L2T/fontsize/400/fill/I0JBQkFCMA==/dissolve/70/gravity/SouthEast
我们发现保存的证书是cacert.der,后缀名是.der文件(证书的编码方式不一样),这个文件不是常规的.cer的证书文件,那么下面就是让浏览器信任我们刚才导出的证书。第二步、导入证书Firefox——菜单——选项——高级(证书)——查看证书https://img-blog.csdn.net/20150823122116262?watermark/2/text/aHR0cDovL2Jsb2cuY3Nkbi5uZXQv/font/5a6L5L2T/fontsize/400/fill/I0JBQkFCMA==/dissolve/70/gravity/SouthEast
查看证书选择服务器选项卡https://img-blog.csdn.net/20150823122217405?watermark/2/text/aHR0cDovL2Jsb2cuY3Nkbi5uZXQv/font/5a6L5L2T/fontsize/400/fill/I0JBQkFCMA==/dissolve/70/gravity/SouthEast
导入刚才的cacert.der文件,那么在服务器中就会存在“PortSwigger CA”这样的证书(burp的内置证书)https://img-blog.csdn.net/20150823122337765?watermark/2/text/aHR0cDovL2Jsb2cuY3Nkbi5uZXQv/font/5a6L5L2T/fontsize/400/fill/I0JBQkFCMA==/dissolve/70/gravity/SouthEast然后导出PortSwiggerCA.crt,保存到本地https://img-blog.csdn.net/20150823122704821?watermark/2/text/aHR0cDovL2Jsb2cuY3Nkbi5uZXQv/font/5a6L5L2T/fontsize/400/fill/I0JBQkFCMA==/dissolve/70/gravity/SouthEast
第三步、信任此证书在证书机构中导入刚才的PortSwiggerCA.crt文件,并选择【信任使用此CA标识的网站】https://img-blog.csdn.net/20150823122912054?watermark/2/text/aHR0cDovL2Jsb2cuY3Nkbi5uZXQv/font/5a6L5L2T/fontsize/400/fill/I0JBQkFCMA==/dissolve/70/gravity/SouthEast
确定以后在代理的情况下浏览器就可以正常的访问HTTPS的包,这些包将通过burp三、抓HTTPS包访问https://www.baidu.com/https://img-blog.csdn.net/20150823123353376?watermark/2/text/aHR0cDovL2Jsb2cuY3Nkbi5uZXQv/font/5a6L5L2T/fontsize/400/fill/I0JBQkFCMA==/dissolve/70/gravity/SouthEast
正常访问。。。四、其他浏览器及客户端设置方法类似上面的【三】注:所有浏览器在安装PortSwiggerCA.crt证书时,必须安装到“受信任的根证书颁发机构”中如:Chromehttps://img-blog.csdn.net/20150823134833023?watermark/2/text/aHR0cDovL2Jsb2cuY3Nkbi5uZXQv/font/5a6L5L2T/fontsize/400/fill/I0JBQkFCMA==/dissolve/70/gravity/SouthEast
页:
[1]
