Difference between revisions of "Intercept SSL Traffic"
Jump to navigation
Jump to search
| Line 29: | Line 29: | ||
== On the device == | == On the device == | ||
| − | + | iptables -t nat -A OUTPUT -p tcp --dst <target-host> --dport <target-port> -j DNAT --to-destination <intercept-host>:<intercept-port> | |
| − | |||
| − | |||
openssl s_client -connect <target-host>:<target-port> -showcerts | openssl s_client -connect <target-host>:<target-port> -showcerts | ||
| Line 39: | Line 37: | ||
link it into /etc/ssl/certs/trustedcerts/ and /var/ssl/trustedcerts/ as <hash>.0 | link it into /etc/ssl/certs/trustedcerts/ and /var/ssl/trustedcerts/ as <hash>.0 | ||
| − | openssl x509 -hash < PortSwigger.pem | + | openssl x509 -hash -noout < PortSwigger.pem |
Latest revision as of 13:33, 20 April 2011
Run Internet Sharing on your host, gateway address is 10.0.2.1, client wifi address is 10.0.2.x
Run burpsuite
Assumes you want to intercept traffic to <target-host>:<target-port>
proxy listeners
- local listener port: 8443
- listen on loopback interface only: no
- support invisible proxying for non-proxy-aware clients: yes
- redirect to host: <target-host>
- redirect to port: <target-port>
server SSL certificate
- generate a CA-signed certification with a specific hostname: <target-host>
intercept client requests
- intercept-if: yes
- update Content-Length: yes
intercept server responses
- intercept-if: yes
- update Content-Length: yes
misc
- unpack gzip / deflate: yes
On the device
iptables -t nat -A OUTPUT -p tcp --dst <target-host> --dport <target-port> -j DNAT --to-destination <intercept-host>:<intercept-port>
openssl s_client -connect <target-host>:<target-port> -showcerts
copy the PortSwigger server CA cert into /etc/ssl/certs/trustedcerts/PortSwigger.pem
link it into /etc/ssl/certs/trustedcerts/ and /var/ssl/trustedcerts/ as <hash>.0
openssl x509 -hash -noout < PortSwigger.pem