Burp Suite User Forum

Login to post

How to load a cert bundle, cert and key?

David | Last updated: Dec 02, 2019 08:12AM UTC

Has anyone had to load client certs for mutual tls into the latest burp recently? Basically, I am trying to replicate the following in Burp: curl https://domain.com/api/test --cacert ./api-trust.bundle --cert ./api-certificate.pem:password --key ./api-key.pem Normally loading a client cert is fine in burp, but this request requires all 3 (I've tried converting it to .crt with openssl as well)

Mike, PortSwigger Agent | Last updated: Dec 02, 2019 11:32AM UTC

Hi David Under "Project options -> SSL -> Client SSL certificates -> Override user options" you can add client certificates specified by destination host. If you package those 3 components into a PKCS#12 file and import it into Burp Suite, Burp will automatically provide that certificate when the target requests one.

Burp User | Last updated: Dec 02, 2019 06:58PM UTC

Oh wow that is perfect thank you! It works great, for reference I used this command to convert them: openssl pkcs12 -export -inkey your_private_key.key -in your_certificate.cer -certfile your_chain.pem -out final_result.pfx reference: https://www.tbs-certificates.co.uk/FAQ/en/288.html

You need to Log in to post a reply. Or register here, for free.