Research Academy
My account Customers About Blog Careers Legal Contact Resellers
The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTER DISCORD

View HTTPS Traffic Without Decrypting It

Scott | Last updated: Mar 18, 2016 05:28PM UTC

This seems so simple, but I cannot figure it out... I provide screenshots from Burp to illustrate particular points observed in the Suite. I would like to provide an encrypted/decrypted view of a particular application workflow. "SSL Pass Through" seems like it would be a step in the right direction, but I think I set it up wrong and Burp crashed. It seems like it might not display the encrypted traffic anyway... Wireshark would show me the raw traffic, but I would love to have the shots be identical (except for the displayed traffic, of course). Thanks!

PortSwigger Agent | Last updated: Mar 21, 2016 08:45AM UTC

There isn't a way to display encrypted HTTPS traffic in Burp. If you use the "SSL pass through" option, then HTTPS traffic is directly relayed to the server without being intercepted or displayed. If you want to see encrypted traffic on the wire, then a tool like Wireshark is the right choice.

Burp User | Last updated: Mar 22, 2016 01:41PM UTC

Thank you, Dafydd! I thought that might be the case, so I'm glad I asked.

PortSwigger Agent | Last updated: Mar 22, 2016 01:44PM UTC

You can see in the Proxy history whether SSL was used for any particular request. If a user agent is doing SSL pinning then you would normally expect to see SSL handshake failures in the Burp alerts tab. If any SSL requests get through Burp, then the user agent isn't doing pinning or it isn't working properly. If you have a feature request, please can you clearly describe what functionality you are looking for?

Burp User | Last updated: Jul 18, 2017 07:50AM UTC