{"id":93,"date":"2024-02-28T12:12:09","date_gmt":"2024-02-28T12:12:09","guid":{"rendered":"https:\/\/blog.devops955.com\/swain\/?p=93"},"modified":"2024-03-05T03:55:12","modified_gmt":"2024-03-05T03:55:12","slug":"using-burp-suite-local-proxy-to-capture-https-data-analysis","status":"publish","type":"post","link":"https:\/\/blog.devops955.com\/swain\/2024\/02\/28\/using-burp-suite-local-proxy-to-capture-https-data-analysis\/","title":{"rendered":"Using Burp Suite Local Proxy to Capture HTTPS Data Analysis"},"content":{"rendered":"
\n

Estimated reading time: 5 min<\/p>\n<\/blockquote>\n

Enable Burp Suite proxy feature<\/h1>\n

Open Burp Suite, select Proxy > Options<\/strong> menu.
\nIn the Proxy Listen Address<\/strong> textbox, enter the local IP address and port number, default 127.0.0.1:8080<\/em>.
\nIn the pop-up window, ensure the Running<\/strong> option is enabled (green check).<\/p>\n

\"image01\"<\/p>\n

Configure Windows proxy settings<\/h1>\n

Set up proxy in the network settings of your machine, proxy address 127.0.0.1<\/em>, proxy port 8080<\/em>.
\nFill in and Save<\/strong> to apply.<\/p>\n

\"image02\"<\/p>\n

Install Burp Suite certificate<\/h1>\n

Use a browser to open http:\/\/burp<\/a><\/em>, click on the top right corner to download and install the Burp Suite certificate.
\nIt is recommended to install it for the local machine<\/strong>; installing for the current user only might still prompt that the certificate is untrusted.
\nAfter installation, use certmgr<\/strong> to check that there is a PortSwigger<\/strong> certificate under Trusted Root Certification Authorities<\/strong>, which means the installation was successful.<\/p>\n

\"image03\"<\/p>\n

Test HTTPS packet capture<\/h1>\n

Visit an HTTPS website in your browser, such as https:\/\/www.google.com<\/a><\/em>. In Burp Suite's Proxy<\/strong> tab under HTTP history<\/strong>, you should be able to see all requests and responses.
\nThis method can parse HTTPS requests from browsers and other applications for analysis and troubleshooting.<\/p>\n

Since Burp Suite captures all HTTPS requests, if targeting a specific application, you can use the Proc Mon tool to view the application's requests, and use Burp Suite to filter the application's requests accordingly.<\/p>\n

Can Burp Suite's functionality intercept HTTPS requests from specific applications only? (to be continued)<\/em><\/strong><\/p>\n

Using Wireshark with Windows Environment Variables to Capture HTTPS Data Analysis<\/h1>\n

Windows Environment Variable Configuration<\/h2>\n

In System Properties > Advanced > Environment Variables<\/strong>, you can add as either a User or System.
\nAdd an environment variable<\/strong>:
\nVariable: SSLKEYLOGFILE<\/strong>
\nValue: C:\\the\\path\\to\\SSLkey.log<\/strong><\/p>\n

\"image04\"<\/p>\n

Configure Wireshark options<\/h2>\n

Open Wireshark and select Edit > Preferences > Protocols > TLS<\/strong>, in the (pre)-master-secret log filename<\/strong> choose the set file C:\\the\\path\\to\\SSLkey.log<\/strong>.<\/p>\n

\"image05\"<\/p>\n

Test HTTPS packet capture<\/h2>\n

After starting the capture, Wireshark will use the handshake information saved in this file, then it can parse out the browser's HTTPS requests (it seems other applications won't save here), for analysis and troubleshooting.
\nWhen the capture is completed, save this file as another file, together with the capture file, so you can import this file later to parse the HTTPS requests of this capture.<\/p>\n

\n

Note:<\/strong>
\nThe SSLKEYLOGFILE is saved in plain text, so security measures are needed. This file will continue to be written to due to the environment variable, so it needs to be cleaned regularly or the environment variable should be deleted after use.<\/em><\/p>\n<\/blockquote>\n","protected":false},"excerpt":{"rendered":"

Estimated reading time: 5 min Enable Burp Suite proxy feature Open Burp Suite, select Proxy > Options menu. In the Proxy Listen Address textbox, enter the local IP address and port number, default 127.0.0.1:8080. In the pop-up window, ensure the Running option is enabled (green check). Configure Windows proxy settings Set up proxy in the…<\/p>\n","protected":false},"author":3,"featured_media":110,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":"","_jetpack_memberships_contains_paid_content":false},"categories":[3],"tags":[],"jetpack_sharing_enabled":true,"jetpack_featured_media_url":"https:\/\/blog.devops955.com\/swain\/wp-content\/uploads\/sites\/2\/2024\/02\/OIP-C.jpg","_links":{"self":[{"href":"https:\/\/blog.devops955.com\/swain\/wp-json\/wp\/v2\/posts\/93"}],"collection":[{"href":"https:\/\/blog.devops955.com\/swain\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.devops955.com\/swain\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.devops955.com\/swain\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.devops955.com\/swain\/wp-json\/wp\/v2\/comments?post=93"}],"version-history":[{"count":5,"href":"https:\/\/blog.devops955.com\/swain\/wp-json\/wp\/v2\/posts\/93\/revisions"}],"predecessor-version":[{"id":194,"href":"https:\/\/blog.devops955.com\/swain\/wp-json\/wp\/v2\/posts\/93\/revisions\/194"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blog.devops955.com\/swain\/wp-json\/wp\/v2\/media\/110"}],"wp:attachment":[{"href":"https:\/\/blog.devops955.com\/swain\/wp-json\/wp\/v2\/media?parent=93"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.devops955.com\/swain\/wp-json\/wp\/v2\/categories?post=93"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.devops955.com\/swain\/wp-json\/wp\/v2\/tags?post=93"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}