Burp Suite User Forum

Create new post

Integrating Burp and Wireshark

Robin | Last updated: Jan 30, 2015 09:50PM UTC

I'd like to be able to set up Wireshark so it can decrypt HTTPS traffic which is passing through Burp. I know I can export the CA used by Burp but that doesn't help when a per server certificate is in use. Is there a way to get hold of the per server certificate so I can import it into Wireshark?

PortSwigger Agent | Last updated: Feb 02, 2015 10:29AM UTC

There isn't currently a way to do this, sorry. The per-host certificates are generated on-the-fly for each host that is accessed, and they aren't stored anywhere. But we could potentially add a feature where you could export the certificate and key that is being used for a given host in a given session of Burp. It would probably be available in DER or PKCS#12 keystore format as for the VA cert. Would that do what you need?

Burp User | Last updated: Mar 23, 2015 06:00PM UTC

Exporting the CA is already a feature. I have been using it for years. That feature would probably help the OP. My issue is that keytool cannot read the file the is exported, nothing can except binwalk. They keystore is completely useless to me.

Burp User | Last updated: Sep 06, 2016 02:09PM UTC

Firefox and Chrome both support logging the symmetric session key used to encrypt TLS traffic to a file. You can then point Wireshark at the file and you see decrypted TLS traffic. Just google for SSLKEYLOGFILE or view the nice written: https://jimshaver.net/2015/02/11/decrypting-tls-browser-traffic-with-wireshark-the-easy-way/ blog post

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.