By Marone: December 2017 | last update: December 2019
Tracing web services with HTTPS
Goal
In a previous post, tracing messages, I used the tcpmon tool to monitor SOAP messages between client and server. With tcpmon I could trace SOAP as well as REST services, but only over the HTTP protocol. Now I want to trace a Spring Boot REST service that uses the HTTPS protocol. After searching the web I found Burp Suite, so I am going to introduce how to use this tool.
[Image: burp use case]
Used technologies
JDK 1.8, Firefox
Download Burp Suite Community Edition as JAR file from here
Start Burp Suite
java -jar -Xmx512m burpsuite_community_v1.7.30.jar
If everything is working, a wizard will appear. Just click I Accept -> Next -> Start Burp.
After a few seconds you will see the project wizard.
[Image: suite]
Configure Burp / Change Proxy listener port
Because port 8080 is already in use in most cases, we will change the listener port to 18090.
[Image: config]
Get Burp CA Certificate
In order to deal with HTTPS, you have to import the Burp CA certificate into your browser. Open the URL http://burp, then click CA Certificate and save the certificate.
[Image: cacerti]
Import Burp Certificate to Firefox
Open Firefox and go to about:preferences#privacy. Under Certificates, click View Certificates and select the "Authorities" tab. Click "Import", select the Burp CA certificate file that you saved before and click Open.
In the next wizard, check the box "Trust this CA to identify web sites" and click "OK".
Pass traffic through Burp
In order to pass all HTTP and HTTPS traffic from your browser through Burp, you need to configure your browser to work with it. Go to Firefox:
Open menu -> Options
Under Network Proxy select Settings. It should look like the screenshot below. Finally, click OK.
[Image: connectionsetting]
Show time
Open https://localhost:8443 in the browser and switch to the Burp Suite GUI.
[Image: result]
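The same trace for a non-browser client, as an added example that is not part of the original post: a JDK 1.8 client that sends its request through the Burp listener on port 18090 and trusts the Burp CA only inside its own SSLContext, so the JVM-wide trust store stays untouched. This goes beyond the browser case described above. The class name, the certificate file name cacert.der and the listener address 127.0.0.1 are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.net.InetSocketAddress;
import java.net.Proxy;
import java.net.URL;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public class BurpTraceClient {
    // Assumptions: name of the saved Burp CA certificate file, Burp bound to loopback.
    static final String BURP_CA_FILE = "cacert.der";
    static final String BURP_HOST = "127.0.0.1";
    static final int BURP_PORT = 18090; // listener port configured in Burp

    // Builds an SSLContext whose only trusted authority is the Burp CA.
    static SSLContext burpOnlyContext(String caFile) throws Exception {
        Certificate ca;
        try (InputStream in = new FileInputStream(caFile)) {
            ca = CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        ks.load(null, null); // empty in-memory store, nothing written to disk
        ks.setCertificateEntry("burp-ca", ca);
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        // Explicit proxy for this one connection; no JVM-wide proxy properties are set.
        Proxy burp = new Proxy(Proxy.Type.HTTP, new InetSocketAddress(BURP_HOST, BURP_PORT));
        HttpsURLConnection con =
                (HttpsURLConnection) new URL("https://localhost:8443/").openConnection(burp);
        con.setSSLSocketFactory(burpOnlyContext(BURP_CA_FILE).getSocketFactory());
        // The handshake succeeds only when the presented certificate chains to the
        // Burp CA, so a response here means the request passed through Burp.
        System.out.println("HTTP " + con.getResponseCode());
        X509Certificate leaf = (X509Certificate) con.getServerCertificates()[0];
        System.out.println("Issuer: " + leaf.getIssuerX500Principal());
        con.disconnect();
    }
}
```

Because the Burp CA is trusted only in this context, removing the tracing setup is a matter of deleting the client code rather than cleaning a shared trust store.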