0

I have a website which is available at: https://abs:8443/myweb I use burp suite as a local proxy: 

proxyIP = "127.0.0.1"
proxyPort = 8080

Then I tried to proxy the https trafic via burp to the https website but it failed. Here is what I tried: 

import sys
import socket
import ssl
import os

url = "https://abs:8443/myweb"
proxyIP = "127.0.0.1"
proxyPort = 8080
targetIP = "abs"
context = ssl.SSLContext(ssl.PROTOCOL_TLSv1)
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s_sock = context.wrap_socket(sock, server_hostname=targetIP)
s_sock.connect((proxyIP, proxyPort))

data = "some data"

payload = (
    "POST "+url+" HTTP/1.1\r\n"
    "Host: "+targetIP+":8443\r\n"
    "User-Agent: Mozilla/5.0 (X11; Linux i686; rv:52.0) Gecko/20100101 Firefox/52.0\r\n"
    "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\n"
    "Accept-Language: en-US,en;q=0.5\r\n"
    "Accept-Encoding: gzip, deflate\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    "Content-Length: "+str(len(data))+"\r\n"
    "\r\n" + data + "\r\n"
)

sock.sendall(payload)
recv = sock.recv(64000)
sock.close()
print recv

How to proxy HTTPS traffic with burp suite?

Michael
  • 32,527
  • 49
  • 210
  • 370
  • To proxy HTTPS traffic you first need to send a CONNECT request to the proxy, then initiate an SSL tunnel. Rather than deal with this raw, you're probably better using an HTTP library like requests which handles this for you. – PortSwigger Mar 06 '19 at 14:03
  • Could you please provide a full answer? – Michael Mar 06 '19 at 14:32

1 Answers1

0

You will need a normal listener, such as 127.0.0.1:8080 - Then you will have to install the burp CA certificate in order for the proxy listener to be able to negotiate SSL connections.

PortSwigger have written documentation for this:

jasttim
  • 723
  • 8
  • 19