January 25, 2021

Python: Proxy SSL Requests with Burp Suite

Introduction

In this article we will look at how to use Burp Suite as an SSL proxy for Python's requests library. This helped me a lot in my last pentest to easily log all the traffic of my API test script.

What you need

pip3 install requests

Get Proxy Certificate from Burp

I will not describe here in detail what the Burp Suite is and how to use it. That would definitely go beyond the scope. A good introduction to Burp and how to activate or set the proxy can be found here.

Start Burp Suite and switch to the Proxy options.

Then click the button “Import / export CA certificate”. It is important to use the DER format.

Then click through the next dialogs and save the cert file on your machine.

Convert DER Certificate Format to PEM Format

Now we just need to convert the exported certificate from DER format to PEM format using openssl.

openssl x509 -inform der -in <name_of_your_der_file.der> -out burp.pem

Python example

The following script imports the requests library, sets Burp as the proxy and performs a POST request to my blog.

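import requests

s = requests.Session()
# Burp's proxy listener speaks plain HTTP, so the proxy URL uses http://;
# HTTPS requests are still tunnelled through it via CONNECT.
s.proxies = {"https": "http://localhost:8080"}
# Trust Burp's CA (PEM file) so certificate verification stays enabled.
s.verify = "burp.pem"
base_url = "https://aicdev.com"
test = s.post(base_url, json={"you_should_see_me": True})

print(test.text)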

Switch to Burp and you should see your intercepted/proxied SSL request.
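
The conversion and session setup from this article combined in one helper, as an added example that is not part of the original article. It accepts the Burp export as either DER or PEM, because requests expects a PEM file for `verify`, and it limits trust in Burp's CA to this one session. The names `ca_to_pem`, `burp_session` and the default file names are assumptions.

```python
import ssl
from pathlib import Path

PEM_HEADER = b"-----BEGIN CERTIFICATE-----"


def ca_to_pem(raw: bytes) -> str:
    """Return a certificate as normalized PEM text, accepting DER or PEM input."""
    data = raw.strip()
    if data.startswith(PEM_HEADER):
        # Already PEM: decode to DER so the base64 body is validated.
        der = ssl.PEM_cert_to_DER_cert(data.decode("ascii"))
    else:
        # Use the unstripped bytes: DER is binary and may end in 0x0a or 0x20.
        der = raw
    # A DER certificate is an ASN.1 SEQUENCE, so its first byte is 0x30.
    if der[:1] != b"\x30":
        raise ValueError("input is neither a DER nor a PEM certificate")
    return ssl.DER_cert_to_PEM_cert(der)


def burp_session(ca_path="cacert.der", pem_out="burp.pem",
                 proxy="http://localhost:8080"):
    """Build a requests session that sends traffic through Burp.

    ca_path, pem_out and proxy are assumed defaults; adjust them to your setup.
    """
    # Third-party dependency, imported here so ca_to_pem() works without it.
    import requests

    Path(pem_out).write_text(ca_to_pem(Path(ca_path).read_bytes()))

    s = requests.Session()
    # Burp's listener is a plain HTTP proxy for both target schemes.
    s.proxies = {"http": proxy, "https": proxy}
    # Verification stays on; Burp's CA is trusted for this session only,
    # not added to the system or certifi trust store.
    s.verify = pem_out
    # Ignore proxy and CA bundle variables from the environment so the
    # settings above are the ones actually used.
    s.trust_env = False
    return s
```

With Burp running, `burp_session("cacert.der").post("https://aicdev.com", json={"you_should_see_me": True})` sends the same request as the script above.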
