Burp Suite User Forum

Create new post

View HTTPS Traffic Without Decrypting It

Scott | Last updated: Mar 18, 2016 05:28PM UTC

This seems so simple, but I cannot figure it out... I provide screenshots from Burp to illustrate particular points observed in the Suite. I would like to provide an encrypted/decrypted view of a particular application workflow. "SSL Pass Through" seems like it would be a step in the right direction, but I think I set it up wrong and Burp crashed. It seems like it might not display the encrypted traffic anyway... Wireshark would show me the raw traffic, but I would love to have the shots be identical (except for the displayed traffic, of course). Thanks!

PortSwigger Agent | Last updated: Mar 21, 2016 08:45AM UTC

There isn't a way to display encrypted HTTPS traffic in Burp. If you use the "SSL pass through" option, then HTTPS traffic is directly relayed to the server without being intercepted or displayed. If you want to see encrypted traffic on the wire, then a tool like Wireshark is the right choice.

Burp User | Last updated: Mar 22, 2016 01:41PM UTC

Thank you, Dafydd! I thought that might be the case, so I'm glad I asked.

PortSwigger Agent | Last updated: Mar 22, 2016 01:44PM UTC

You can see in the Proxy history whether SSL was used for any particular request. If a user agent is doing SSL pinning then you would normally expect to see SSL handshake failures in the Burp alerts tab. If any SSL requests get through Burp, then the user agent isn't doing pinning or it isn't working properly. If you have a feature request, please can you clearly describe what functionality you are looking for?

Burp User | Last updated: Jul 18, 2017 07:50AM UTC

Hi Daffydd, may be this feature could be added for next Burp release. Checking HTTPS traffic without decrypting it is needed when checking correct SSL pinning implementation on mobile apps. Many times we find that SSL pinning is only enforced during first time connection only and not enforced afterwards, the only way to verify this is to check if the subsequent traffics was encrypted via SSL. By the way, Charles proxy has this feature :-)

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.