Burp Suite User Forum

Create new post

Dynamically inserting client certificate

Ronald | Last updated: Dec 05, 2023 07:26AM UTC

I've created a python extension to scan replies from a certain url for a certificate, and then save it to disk and run a command to convert it to pfx. This all works, I can then manually load it into the Project Options -> TLS -> Client certificates. I would also like to automate this last part, but I have no luck so far and my search has yielded little. Is it possible to insert a client certificate into an outgoing request to a certain domain? Or is it possible to automate the loading into project options of a client certificate?

Hannah, PortSwigger Agent | Last updated: Dec 05, 2023 10:22AM UTC

Hi The Montoya API does have support for modifying project options. However, to use this would require the extension to be rewritten in Java. You can find out more about the Montoya API here: https://portswigger.net/burp/documentation/desktop/extensions/creating

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.