Jun 04 2020

Creating Custom SSL Certificate using BurpSuite

When you intercept network traffic using BurpSuite, users may receive an error message stating that the connection is not secure. Websites may load only partially or not at all, and the padlock beside the URL may show a warning sign. To prevent this from happening, you can create a self-made certificate that appears as a legitimate certificate.

To create a self-made certificate, there are three main commands to run in the Kali Linux terminal:

The first command is:

openssl req -x509 -days 730 -nodes -newkey rsa:2048 -outform der -keyout server.key -out ca.der

With this command, OpenSSL will ask you to enter some information for the certificate, such as country name, state/province name, locality name, organization name (in this case Verisign Corp), organizational unit name, common name, and email address. After those fields have been filled in, there are two more commands to run:

The second command is:

openssl rsa -in server.key -inform pem -out server.key.der -outform der

The third command is:

openssl pkcs8 -topk8 -in server.key.der -inform der -out server.key.pkcs8.der -outform der -nocrypt

Now, when you look in the file manager, these files should appear:

Now open BurpSuite and, under Proxy -> Intercept, click on Import / export CA certificate, then select Import certificate and private key in DER format.

Select ca.der as the CA certificate and server.key.pkcs8.der for the private key.

Now open your browser (preferably Mozilla Firefox), open Preferences, search for “cert” and select “View Certificates”.

Next, import the CA certificate: choose the ca.der file created earlier and tick “Trust this CA to identify websites”.

Now you will see that Verisign Corp is part of the trusted certificates:

Lastly, when you now open websites, the certificate will show Verisign Corp:
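The three commands above can be run without the interactive prompts and their output checked before anything is imported. The script below is an added example, not part of the original post: it assumes a constructed lab subject passed with -subj, confirms that the PKCS#8 key matches ca.der, and prints the SHA-256 fingerprint to compare with the entry shown in Firefox's certificate viewer.

```shell
#!/bin/sh
# Added example, not from the original post.
# SUBJ is a constructed lab value (assumption); -subj replaces the prompts.
SUBJ='/C=XX/O=Lab Interception CA/CN=Lab Interception CA'

# Run the post's three commands inside directory $1.
make_burp_ca() {
    (
        cd "$1" || exit 1
        umask 077   # key files readable by the owner only (-nodes = unencrypted key)
        openssl req -x509 -days 730 -nodes -newkey rsa:2048 -subj "$SUBJ" \
            -outform der -keyout server.key -out ca.der 2>/dev/null &&
        openssl rsa -in server.key -inform pem \
            -out server.key.der -outform der 2>/dev/null &&
        openssl pkcs8 -topk8 -in server.key.der -inform der \
            -out server.key.pkcs8.der -outform der -nocrypt
    )
}

# Check that ca.der and server.key.pkcs8.der in directory $1 belong together.
verify_burp_ca() {
    cert="$1/ca.der"
    key="$1/server.key.pkcs8.der"
    # Public key stored in the certificate.
    cert_pub=$(openssl x509 -in "$cert" -inform der -noout -pubkey) || return 1
    # Public key derived from the PKCS#8 private key that Burp imports.
    key_pub=$(openssl pkey -in "$key" -inform der -pubout 2>/dev/null) || return 1
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "private key does not match certificate" >&2
        return 1
    fi
    # Self-signed: subject and issuer are the same name.
    subject=$(openssl x509 -in "$cert" -inform der -noout -subject | sed 's/^subject= *//')
    issuer=$(openssl x509 -in "$cert" -inform der -noout -issuer | sed 's/^issuer= *//')
    [ "$subject" = "$issuer" ] || { echo "certificate is not self-signed" >&2; return 1; }
    # Fingerprint to compare with the entry shown in the browser's certificate viewer.
    openssl x509 -in "$cert" -inform der -noout -fingerprint -sha256
}

workdir=$(mktemp -d)
make_burp_ca "$workdir" && verify_burp_ca "$workdir"
echo "files written to $workdir"
```

Any browser that trusts ca.der will accept certificates signed with these key files, so keep them on the test machine only and remove the CA from the browser's trust store when the interception work is finished.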

Resources:

https://portswigger.net/burp/documentation/desktop/tools/proxy/options
Written by kks101 in: Ethical Hacking
