Burp Suite User Forum


Distinguishing between the 3 options under "Proxy's Certificate"

Hello | Last updated: Feb 04, 2016 10:43AM UTC

Under "Proxy >> Options Proxy Listeners", I see that there are three options under Certificate.

1. Use a self-signed certificate
2. Generate CA-signed per-host certificates
3. Generate a CA-signed certificate with a specific hostname

When will we ever need to use option 3? Wouldn't Option 2 always work? Is there a use-case or scenario to demonstrate the usage of option 3?

PortSwigger Agent | Last updated: Feb 04, 2016 11:07AM UTC

To implement option 2, Burp needs to identify the name of the target host that the client is trying to connect to. It can do this in three ways:

- Extracting the hostname from the CONNECT request
- Extracting the hostname from the SSL client hello if the client includes this
- Connecting to the actual server and retrieving the real SSL certificate, if the client only provides an IP address in the CONNECT request

Sometimes, none of these work, particularly for non-standard clients or if invisible proxying is being used (so no CONNECT request). In this situation, you can use option 3 to tell Burp what hostname to use for the CA-signed cert.
