
I am trying to figure out if I can take the Burp Suite certificate and export it to Wireshark to be able to inspect the traffic going through it. My main goal here is to test a website I own to see what kind of data is being sent out.

I have tried exporting the CA certificate of Burp; it gives me three options:

export certificate
export key
export certificate and key PKCS12 format or whatever

After that I tried each option and named the files

test
what
thisone

in that order. I then tried to use it in Wireshark. I imported it as an RSA key and it says cannot read PEM.

I tried changing the format using openssl and changed it to PEM format, yet I get the same error. What is my issue and how can I fix it?

  • I think you are trying the wrong thing in the first place: the CA certificate is of no use at all to decrypt a TLS connection. With RSA key exchange you could use the certificate + private key from a specific connection, but not the CA. But RSA key exchange is obsolete, and with modern ciphers no kind of certificates + keys can be used to decrypt the captured traffic. You would need the SSLKEYLOGFILE instead, which stores the key material used for the TLS sessions. This file can be written by various clients and servers.
    Commented May 31 at 4:52
  • Did you read the documentation on how to use certificates in Wireshark? Why do you want to use the Burp certificate and not your site certificate?
    – schroeder
    Commented May 31 at 8:03

1 Answer


Don't import the certificate as an RSA key, but configure it under Protocols > TLS > RSA keys list.

Wrong:

[screenshot: RSA keys in Wireshark]

Right:

[screenshot: Wireshark TLS settings]

Furthermore, this only works when the connection uses RSA without forward secrecy. In Burp, configure insecure TLS settings so that the connection can be intercepted:

[screenshot: Burp settings]

(The screenshot does not show the correct settings, but it shows where to configure them.)
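Added example, not part of the original answer or comments: when the connection uses forward secrecy and the RSA keys list cannot decrypt it, the comments point to SSLKEYLOGFILE instead. This Python sketch checks such a key log file before it is given to Wireshark and reports which sessions have a complete set of secrets; the function name, status strings and sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Labels from the NSS key log format (the file SSLKEYLOGFILE points at).
TLS12 = "CLIENT_RANDOM"
TLS13_NEEDED = {"CLIENT_HANDSHAKE_TRAFFIC_SECRET", "SERVER_HANDSHAKE_TRAFFIC_SECRET",
                "CLIENT_TRAFFIC_SECRET_0", "SERVER_TRAFFIC_SECRET_0"}
TLS13_OTHER = {"CLIENT_EARLY_TRAFFIC_SECRET", "EARLY_EXPORTER_SECRET", "EXPORTER_SECRET"}
HEX = re.compile(r"[0-9a-fA-F]+")

def audit_keylog(text):
    """Return ({client_random: status}, [(line_no, problem)]) for key log text."""
    seen, problems = defaultdict(set), []
    for no, line in enumerate(text.splitlines(), 1):
        parts = line.split()
        if not parts or parts[0].startswith("#"):
            continue  # blank line or comment
        if len(parts) != 3:
            problems.append((no, "expected: LABEL CLIENT_RANDOM SECRET"))
            continue
        label, rnd, secret = parts
        # TLS 1.2 master secret is 48 bytes; TLS 1.3 secrets are 32 or 48 bytes.
        ok_len = (96,) if label == TLS12 else (64, 96)
        if label != TLS12 and label not in TLS13_NEEDED | TLS13_OTHER:
            problems.append((no, "unsupported label " + label))
        elif len(rnd) != 64 or not HEX.fullmatch(rnd):
            problems.append((no, "client random is not 32 hex-encoded bytes"))
        elif len(secret) not in ok_len or not HEX.fullmatch(secret):
            problems.append((no, "secret has wrong length or is not hex"))
        else:
            seen[rnd.lower()].add(label)
    sessions = {}
    for rnd, labels in seen.items():
        if TLS12 in labels:
            sessions[rnd] = "tls12-complete"
        elif TLS13_NEEDED <= labels:
            sessions[rnd] = "tls13-complete"
        else:
            sessions[rnd] = "tls13-missing:" + ",".join(sorted(TLS13_NEEDED - labels))
    return sessions, problems

# Constructed sample, not real key material.
SAMPLE = "\n".join([
    "# written by a TLS client via SSLKEYLOGFILE",
    "CLIENT_RANDOM " + "aa" * 32 + " " + "11" * 48,
    "CLIENT_HANDSHAKE_TRAFFIC_SECRET " + "bb" * 32 + " " + "22" * 32,
    "SERVER_HANDSHAKE_TRAFFIC_SECRET " + "bb" * 32 + " " + "33" * 32,
    "CLIENT_RANDOM " + "cc" * 32 + " " + "44" * 20,  # truncated secret
])

if __name__ == "__main__":
    print(audit_keylog(SAMPLE))
```

In Wireshark the key log file is set under Protocols > TLS as the (Pre)-Master-Secret log filename, and a session is decrypted only if its client random appears in both the capture and the file.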
