BurpSuite Integration
Normally you use Burp Suite with your browser, so you only have to trust Burp Suite's certificate in the browser and you're done.
To use cariddi with the Burp Suite proxy, a few further steps are needed.
If you try to use cariddi with the option `-proxy http://127.0.0.1:8080`, you will find this error in the Burp Suite error log section: `Received fatal alert: bad_certificate` (or something similar related to the certificate).
To make cariddi work with Burp Suite you also have to trust the certificate system-wide, not only in the browser. These are the steps you have to follow:
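- Go to the Proxy tab in Burp Suite, then Options. Click on the CA Certificate button and export the certificate in DER format.
- Then run these commands on the exported file (`burp.der`):

```bash
# Convert the exported DER certificate to PEM
openssl x509 -in burp.der -inform DER -out burp.pem -outform PEM
sudo chown root:root burp.pem
sudo chmod 644 burp.pem
# Copy it to the local CA directory and link it into the system store
sudo cp burp.pem /usr/local/share/ca-certificates/
sudo c_rehash
cd /etc/ssl/certs/
sudo ln -s /usr/local/share/ca-certificates/burp.pem
# Rebuild the hash links so OpenSSL can find the new certificate
sudo c_rehash .
```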
Source: Trust Burp Proxy certificate in Debian/Ubuntu
After these steps, to use cariddi with Burp Suite you have to:
- Open Burp Suite, making sure that the proxy is listening.
- Use cariddi with the flag `-proxy http://127.0.0.1:8080`.

You will see that requests and responses are logged in Burp Suite.
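
A CA trusted system-wide can intercept TLS for every program on the machine, so it helps to confirm that the install took effect and to remove the trust once testing is finished. The script below is an added example, not part of the original wiki or the cariddi project; the function names (`cert_fingerprint`, `ca_is_trusted`, `ca_untrust`) are hypothetical, and it assumes the `openssl` CLI and the `/etc/ssl/certs` hash-link layout used in the steps above.

```shell
#!/bin/sh
# Added example: verify and later revoke trust for a CA certificate in an
# OpenSSL-style hashed certificate directory (default: /etc/ssl/certs).

# Print the SHA-256 fingerprint of the (first) certificate in a PEM file.
# Prints nothing if the file is not a readable certificate.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null | cut -d= -f2
}

# Return 0 if certs_dir contains a <subject-hash>.N entry (the lookup name
# c_rehash creates) that resolves to the same certificate as pem.
# Return 1 if no such entry exists, 2 if pem cannot be parsed.
ca_is_trusted() {
    pem=$1; certs_dir=${2:-/etc/ssl/certs}
    subj_hash=$(openssl x509 -in "$pem" -noout -subject_hash 2>/dev/null) || return 2
    want=$(cert_fingerprint "$pem")
    [ -n "$subj_hash" ] && [ -n "$want" ] || return 2
    for link in "$certs_dir/$subj_hash".*; do
        [ -e "$link" ] || continue
        [ "$(cert_fingerprint "$link")" = "$want" ] && return 0
    done
    return 1
}

# Remove every entry in certs_dir (named link and hash link alike) that
# resolves to the same certificate as pem. Symlink targets are left in place.
ca_untrust() {
    pem=$1; certs_dir=${2:-/etc/ssl/certs}
    want=$(cert_fingerprint "$pem")
    [ -n "$want" ] || return 2
    for entry in "$certs_dir"/*; do
        [ -f "$entry" ] || continue
        if [ "$(cert_fingerprint "$entry")" = "$want" ]; then
            rm -f "$entry"
        fi
    done
    return 0
}

# Usage after sourcing this file (paths from the steps above):
#   ca_is_trusted /usr/local/share/ca-certificates/burp.pem && echo trusted
#   sudo sh -c '. ./burp-ca.sh; ca_untrust /usr/local/share/ca-certificates/burp.pem'
```

`burp-ca.sh` in the usage comment is a placeholder file name for wherever you save these functions.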
@edoardottt
edoardoottavianelli.it to contact me.