By Marone: December 2017 | last update: December 2019

Tracing web services with https

Goal

In a previous post tracing messages i used tcpmon tool to monitor soap messages between client and server, With tcpmon i could tracing soap and as well rest services but only with http protocol. Now i want to trace a spring boot rest services that use HTTPS protocol, after searching in web i found Burp Suite. So im going to introduce how to use this tool

burp use case

Used technologies

JDK 1.8
Firefox
Download Burp Suite Community Edition as JAR file from here

Start Burp Suite

java -jar -Xmx512m burpsuite_community_v1.7.30.jar
If everything ist working a Wizard will appear, then just click i accept -> Next -> Start Burp after a few second you will see the project Wizard

suite

Config Burp / Change Porxy listener port

Because in most cases the port 8080 is in use, so we will change the listener port to 18090
config

Get Burp CA Certificate

In Order to deal with HTTPS, you have to import the Burp CA Certificate to your browser.Hit the url http://burp and then click CA Certificate and save the certificate cacerti

Import Burp Certificate to Firefox

Open FireFox, hit about:preferences#privacy under certificates click View Certificates and Select the "Authorities" tab.
Click "Import", select the Burp CA certificate file that you saved before and click Open.
In the next wizard, check the box Trust this CA to identify web sites and click "OK"

Pass traffic through Burp

In order to pass all HTTP and HTTPS traffic from your browser through Burp, you need to configure your browser to work with it.
Go to FireFox Open menu -> Options under Network Proxy select Settings, it should look like below. At last click OK connectionsetting

Show time

Hit https://localhost:8443 in browser and switch to Burp Suite GUI. result

References


Related topics