Intercepting HTTPS traffic with Burp Suite

Introduction

Proxies like the one included in Burp Suite are designed for traffic interception. This allows the owner of the proxy to view, modify and drop packets passing through the proxy. While this can certainly be used for criminal purposes, it can also be used by cyberdefenders to protect against malware and dangerous user behavior.

In this article, we’ll discuss how to use Burp Suite to intercept Web traffic, both encrypted and unencrypted. We’ll start with unencrypted traffic (HTTP) and then cover the modifications necessary for HTTPS.

Intercepting HTTP Traffic

The first step to intercepting web traffic with Burp Suite is installing it on your system. The Burp Suite Community Edition is available from PortSwigger. After installing and opening Burp Suite, you’ll see a screen similar to the one below.

When using Burp Suite as a proxy, it’s a good idea to ensure that the proxy is active. As shown in the screen above, this information is found under Proxy in the first row of tabs and Options in the second row. Note that the Burp proxy runs on 127.0.0.1:8080 by default.

If the proxy is running, the next step is setting up a Web browser to use the proxy. In this example, we’re using Chrome, so these settings can be found by opening Options and searching for Proxy as shown below.

Clicking on the “Open proxy settings” button in the above screen opens up the computer’s Internet Settings. As shown in the screen below, we’re using Windows for this example.

In the above screen, click on the LAN settings button, which opens the screen below. At the bottom of this screen are the computer’s proxy settings.

As shown above, we’ve set the proxy settings for the computer to Burp Proxy’s default address (Read more...)
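
To confirm from the command line that these settings took effect, the PowerShell check below (an added example, not part of the original article) reads the per-user Windows proxy values that the LAN settings dialog writes and verifies that something is listening on Burp's default address. It assumes per-user proxy settings and the default 127.0.0.1:8080 listener; the function name ConvertFrom-ProxyServer is hypothetical.

```powershell
# Added example: confirm the Windows (WinINET) proxy setting points at Burp's listener.
# Assumption: Burp's proxy listener is on its default 127.0.0.1:8080.
$BurpHost = '127.0.0.1'
$BurpPort = 8080

function ConvertFrom-ProxyServer {
    # ProxyServer is either "host:port" (applies to all protocols) or
    # "http=host:port;https=host:port" (one entry per protocol).
    param([string]$Value)
    $map = @{}
    foreach ($entry in ($Value -split ';' | Where-Object { $_ })) {
        if ($entry -match '^(?<scheme>[^=]+)=(?<addr>.+)$') {
            $map[$Matches.scheme.ToLower()] = $Matches.addr
        } else {
            $map['http']  = $entry
            $map['https'] = $entry
        }
    }
    return $map
}

# Per-user proxy settings written by the LAN settings dialog.
$key      = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$settings = Get-ItemProperty -Path $key
$expected = "${BurpHost}:$BurpPort"

if ($settings.ProxyEnable -ne 1) {
    Write-Warning 'System proxy is disabled; browser traffic will not pass through Burp.'
} else {
    $proxies = ConvertFrom-ProxyServer $settings.ProxyServer
    foreach ($scheme in 'http', 'https') {
        $ok = $proxies[$scheme] -eq $expected
        '{0,-5} -> {1} (points at Burp: {2})' -f $scheme, $proxies[$scheme], $ok
    }
}

# Check that a process is actually listening on the Burp address.
$listener = Get-NetTCPConnection -LocalAddress $BurpHost -LocalPort $BurpPort `
    -State Listen -ErrorAction SilentlyContinue
if ($listener) {
    $proc = Get-Process -Id $listener[0].OwningProcess
    "Listener on $expected is owned by $($proc.ProcessName) (PID $($proc.Id))"
} else {
    Write-Warning "Nothing is listening on $expected; start the Burp proxy listener first."
}
```

If the `https` entry does not point at the listener, HTTPS requests will bypass the proxy even though HTTP traffic is intercepted.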

*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Howard Poston. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/94SvFBvI7OM/