Introduction
In this article we will look at how we can use burp suite as an ssl proxy in python for the requests library. This helped me a lot within my last pentest to easily log all the traffic of my API test script.
What you need
- Burp Suite (at least the community edition)
- openssl
- Python3
- Pip3
- Install the python3 requests lib by running:
pip3 install requestsGet Proxy Certificate from Burp
I will not describe here in detail what the Burp Suite is and how to use it. That would definitely go beyond the scope. A good introduction to Burp and how to activate or set the proxy can be found here.
Start burp suite and switch to the proxy options
Then click the button “Import / export CA certificate”. Is important to use the DER format.
Then click through the next dialogs and save the cert file on your machine.
Convert DER Certificate Format to PEM Format
Now we just need to convert the already exported SSL certificates in DER format to the PEM format using openssl.
openssl x509 -inform der -in <name_of_your_der_file.der> -out burp.pemPython example
The following script import the request lib, set burp as proxy and performs a post request to my blog.
import requests
s = requests.Session()
s.proxies = {"https": "https://localhost:8080"}
s.verify = "burp.pem"
base_url = "https://aicdev.com"
test = s.post(base_url, json={"you_should_see_me": True})
print(test.text)Switch to burp and you should see your ssl intercepted/proxy request:
No responses yet