I recently needed to add Burp Suite's CA certificate to the operating system itself so that I could intercept traffic originating from the command line. I looked for a specific post on how to do this, but had to use multiple blogs in order to achieve my goal, so I thought it would be nice to pay it forward.
The first step is to download the Burp certificate. This can be done in multiple ways: either through Burp Suite's menu or through a web browser that is being actively intercepted by Burp. As shown in the screenshot below, the Proxy --> Options tab has an option to Import / export CA certificate.

Selecting the button above will prompt you with the following menu. For the sake of this blog post we will simply choose Export --> Certificate in DER format. Save the DER certificate to a location of your choosing.

The other way, as mentioned above, is to intercept a web browser with the Burp proxy and simply type in http://burp. Burp Suite will recognize the request and send you to a landing page where you can click the button that says CA Certificate, which will then download the certificate, also in the DER format.

If you were to look at the contents of the DER certificate it might not make much sense. That's because DER is the method of encoding the data that makes up the certificate. DER itself could represent any kind of data, but usually it describes an encoded certificate. The structure of a certificate is described using the ASN.1 data representation language. BER and DER are binary encoding methods for data described by ASN.1.

To use the public key contained in the certificate (and signed by the signature in the certificate) you should use any library that parses X.509 certificates and performs RSA encryption. You could use a tool that detects/handles PEM encoding or you could first convert the certificate to DER by stripping off the PEM encoding.
The OpenSSL command line contains lots of options to convert between PEM and DER, print out high-level certificate information, or parse the ASN.1 to get a low-level view of what is in there. For example, in the screenshot below I am using the following command to convert the DER certificate into a usable PEM-encoded certificate.
openssl x509 -in <name>.der -inform DER -out <name>.crt

Now that you have converted the certificate into a usable format, you can simply copy the file to /usr/local/share/ca-certificates/<name>.crt and issue the command update-ca-certificates. The output of the latter command should show that the certificate was added successfully.

Now, in order to set Burp Suite as the proxy from the command line, you will need to export the environment variables http_proxy and https_proxy with the address of your Burp Suite proxy. To test, simply run curl url.com and Burp Suite should intercept the request successfully without throwing any certificate errors.


Now that your engagement is over, or maybe for another reason, you need to remove the Burp Suite certificate from your Kali Linux OS. Simply remove the file that you placed in your /usr/local/share/ca-certificates/ directory and run the command update-ca-certificates --fresh. The --fresh flag will instruct the operating system to perform a full refresh of the CA store, including removing all symlinks that might be in the /etc/ssl/certs directory.

To test that the certificate was removed correctly we can issue the same curl request; however, this time we are greeted with an SSL certificate problem.
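
For a check that does not depend on curl, here is an added example (not part of the original post) that hashes the exported certificate and looks for it in the PEM bundle that update-ca-certificates rebuilds. The bundle path /etc/ssl/certs/ca-certificates.crt is assumed to be the Debian/Kali default, the function names are hypothetical, and the sample bytes are constructed placeholders rather than a real certificate.

```python
import hashlib, re, ssl, sys

# Assumption: Debian/Kali bundle that update-ca-certificates rebuilds.
BUNDLE = "/etc/ssl/certs/ca-certificates.crt"
PEM_BLOCK = re.compile(r"-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----", re.S)

def der_to_pem(der: bytes) -> str:
    """PEM is the DER bytes base64-encoded between BEGIN/END lines."""
    return ssl.DER_cert_to_PEM_cert(der)

def load_der(data: bytes) -> bytes:
    """Accept either encoding: a PEM file is decoded back to DER."""
    if data.lstrip().startswith(b"-----BEGIN CERTIFICATE-----"):
        return ssl.PEM_cert_to_DER_cert(data.decode("ascii").strip())
    return data

def fingerprint(der: bytes) -> str:
    """SHA-256 over the DER bytes, independent of how the file was encoded."""
    return hashlib.sha256(der).hexdigest()

def bundle_fingerprints(bundle_text: str) -> set:
    """Fingerprint every certificate block found in a PEM bundle."""
    return {fingerprint(ssl.PEM_cert_to_DER_cert(block))
            for block in PEM_BLOCK.findall(bundle_text)}

def is_trusted(cert: bytes, bundle_text: str) -> bool:
    """True if the certificate (DER or PEM) is present in the bundle."""
    return fingerprint(load_der(cert)) in bundle_fingerprints(bundle_text)

# Constructed placeholder DER blobs (not real certificates) for the demo.
SAMPLE_PROXY_CA = bytes.fromhex("30090201010c0462757270")
SAMPLE_OTHER_CA = bytes.fromhex("30090201020c046f746872")

def demo() -> tuple:
    """Bundle state after install, then after removal and --fresh."""
    installed = der_to_pem(SAMPLE_OTHER_CA) + der_to_pem(SAMPLE_PROXY_CA)
    removed = der_to_pem(SAMPLE_OTHER_CA)
    return is_trusted(SAMPLE_PROXY_CA, installed), is_trusted(SAMPLE_PROXY_CA, removed)

if __name__ == "__main__":
    if len(sys.argv) > 1:  # usage: script.py <name>.der [bundle path]
        with open(sys.argv[1], "rb") as fh:
            cert = fh.read()
        path = sys.argv[2] if len(sys.argv) > 2 else BUNDLE
        with open(path, encoding="utf-8", errors="replace") as fh:
            status = "present" if is_trusted(cert, fh.read()) else "absent"
        print(fingerprint(load_der(cert)), status, "in", path)
    else:
        print(demo())
```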

This was a quick blog post on how to add a CA certificate to the trusted store within Kali Linux. Until next time keep on intercepting requests!