Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Create new post

How does Burp 1.7.36 use custom client SSL Certificate?

Ali | Last updated: Mar 27, 2020 05:03PM UTC

Hi, this might be unrelated, but I'm stuck. I'm trying to stimulate Burp's custom Client SSL Certificate in golang. The keystore info are: Keystore type: PKCS12 Keystore provider: SunJSSE Using Burp requests flow without any problems, but implementing it in Golang says handshake failure. I was curious how does Burp pass the certificate to a server, and if there are any Java source codes I could copy from. And if not, is it possible to run Burp inside a linux server from command line and attach the proxy? In Golang I can use Burp as a proxy and my issue is resolved that way.

Liam, PortSwigger Agent | Last updated: Mar 30, 2020 11:02AM UTC

Ali, to clarify: - You're using Go to write your program - The program takes the place of the browser in the normal setup: Browser -> Burp -> Website - Because Burp needs to inspect HTTPS traffic we generate a certificate to install into the browser. You have replaced the browser so you need to know how to add a certificate to the trust store that Go uses This blog post: https://forfuncsake.github.io/post/2017/08/trust-extra-ca-cert-in-go-app/ - might be helpful. Check out the section - "And The Winner Is…"

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.