This article was reposted from the Ichunqiu forum.
0x00 Preface

Burp Suite is a standard penetration-testing tool, and most readers will have used it to capture packets at one time or another. Capturing HTTP is simple; capturing HTTPS adds the problem of certificate trust. When Burp hijacks an HTTPS session, the certificate presented to the client becomes Burp's certificate instead of the site's original one. If the browser does not trust the Burp certificate, it will not proceed and the capture cannot continue. So to capture HTTPS packets, the Burp certificate has to be imported into the browser's trust store as a trusted authority, not merely imported into the browser.

HTTPS and SSL

To improve security, sites generally serve their more sensitive pages over HTTPS, such as registration, login and admin consoles; Gmail, online banking and iCloud, for example, are served entirely over HTTPS. HTTPS/SSL plays two key roles: authenticating the website, and encrypting the transmitted content so that it cannot be read or altered in transit (data integrity). A CA-issued certificate only adds trustworthiness; any valid certificate, CA-issued or not, provides encrypted transmission.

Digital certificates

Digital certificates are mainly used for authentication on the Internet. After passing certification by a CA (Certificate Authority), a secure site obtains a digital certificate that identifies its legal identity. Digital certificates are mainly divided into server certificates and client certificates: server certificates (SSL certificates) are used for authentication and encrypting communications, while client certificates are mainly used for authentication and electronic signatures. CAs charge a fee for issuing a certificate.

Self-signed certificates

A self-signed certificate is one not issued by a CA but signed with its own key. A web browser will typically show a dialog asking whether you want to trust a self-signed certificate. This one costs nothing.

Man-in-the-middle attack

The attacker establishes separate connections with each end of the communication and relays the data between them, so that both ends believe they are talking directly to each other over a private connection, while in fact the whole session is fully controlled by the attacker. In a man-in-the-middle attack the attacker can intercept the conversation between the two parties and insert new content. In many cases this is very easy to do.
0x01 Environment

Java 1.7 // Note that the Java version must not be too high, i.e. not 1.8; the exact reason is unclear, but with 1.8 the exported certificate is 0 bytes
Burp Suite 1.6 Pro (cracked version)
Firefox browser
AutoProxy // Firefox plugin
For Android capture: Night God (Nox) Android emulator

0x02 Settings
Open Burp and set up the proxy listener.

Bind the listener to port 8080 on the machine's own IP address, not the loopback address 127.0.0.1, because the Android emulator cannot reach the loopback address. The IP in step 3 must match the address shown by ipconfig at the command prompt.

Browser settings // capturing HTTPS locally on the PC

After installing AutoProxy, edit the proxy server list and add the 8080 proxy: Preferences -> Proxy Server -> Edit Proxy Server. Then switch the browser to global proxy mode: select the proxy you just defined as the default proxy, and click it twice until the label turns green.

Visit http://burp/ and download the certificate. It is in DER format, which Android does not recognise, so import it into the browser first and then export it in CER format. Taking Firefox as an example: Options -> Advanced -> Certificates -> View Certificates -> Servers -> Import, and select cacert.der.

Remember to tick the checkbox in the red box; I did not tick it and the certificate was not trusted, a small detail that trips people up. At this point, if the certificate is trusted, the PC can capture HTTPS.

Export the certificate: Options -> Advanced -> Certificates -> View Certificates -> Servers -> select the certificate you just imported -> Export.

You get a portswigger.cer. Drag it into our Android emulator: just drag the file onto the Night God emulator window and it is uploaded to the emulator automatically.

This is where the certificate lands. Next, make Android trust the Burp certificate: Settings -> Security -> Install from SD card, find the certificate above and install it. Under Settings -> Security -> Trusted credentials -> User, seeing PortSwigger listed means the import and trust succeeded.

Set the Android Wi-Fi proxy: Settings -> WLAN -> long-press the connected Wi-Fi -> Modify network -> proxy settings, and enter the Burp proxy settings from above; in my case 127.25.28.240 port 8080. Once that is set, try capturing and see.

Success! Because I had already tried this before, the screenshot shows no prompt; the first time you capture, it will warn that there is a problem with the certificate, so just choose to add an exception.
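As an added example (not code from the original post), the following Python script does the DER-to-CER conversion described above and sanity-checks the file before it is trusted: it refuses the 0-byte export mentioned in the environment notes, rejects input that is already PEM, verifies the DER length against the file size, and returns the SHA-256 fingerprint so it can be compared with the one shown in the browser's certificate viewer. The file names cacert.der and portswigger.cer are the ones from the walkthrough; the sample blob in the test is constructed, not a real certificate.

```python
import hashlib
import ssl
from pathlib import Path

PEM_HEADER = b"-----BEGIN CERTIFICATE-----"


def der_length(buf: bytes, offset: int) -> tuple[int, int]:
    """Decode the DER length field at offset; return (length, offset after it)."""
    first = buf[offset]
    if first < 0x80:                      # short form: a single length byte
        return first, offset + 1
    n = first & 0x7F                      # long form: n following length bytes
    if n == 0 or n > 4 or offset + 1 + n > len(buf):
        raise ValueError("malformed DER length field")
    return int.from_bytes(buf[offset + 1:offset + 1 + n], "big"), offset + 1 + n


def check_der_certificate(data: bytes) -> int:
    """Sanity-check a DER certificate blob; return its encoded size in bytes."""
    if not data:
        # The pitfall from the walkthrough: an export that produced a 0-byte file.
        raise ValueError("certificate file is empty (0 bytes); re-export it")
    if data.lstrip().startswith(PEM_HEADER):
        raise ValueError("input is already PEM, not DER")
    if len(data) < 2 or data[0] != 0x30:
        raise ValueError("not DER: outer SEQUENCE tag missing")
    length, body = der_length(data, 1)
    if body + length != len(data):
        raise ValueError(f"DER length {length} does not match file size {len(data)}")
    return len(data)


def fingerprint(data: bytes) -> str:
    """SHA-256 fingerprint in the colon-separated form certificate viewers display."""
    digest = hashlib.sha256(data).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def der_to_pem(data: bytes) -> str:
    """Convert checked DER bytes to PEM text, which Android's installer also accepts."""
    check_der_certificate(data)
    return ssl.DER_cert_to_PEM_cert(data)


def convert_file(src: str = "cacert.der", dst: str = "portswigger.cer") -> str:
    """Read src (DER), write dst (PEM) and return the fingerprint to compare by eye."""
    data = Path(src).read_bytes()
    Path(dst).write_text(der_to_pem(data))
    return fingerprint(data)
```

Run convert_file() in the folder holding the download from http://burp/ and compare the printed fingerprint with the browser's certificate viewer before installing the .cer on the emulator.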