Burp Suite User Forum


View original / origin cert when proxying SSL traffic

Zack | Last updated: Feb 18, 2022 12:53PM UTC

It would be nice if we could view the origin cert behind Burp when proxying SSL traffic. Sometimes when proxying SSL traffic through Burp, we need to view the properties of the SSL cert on the remote server. Sometimes that SSL cert is not exposed to us unless we can manipulate the HOST header in the request using Burp, allowing us to land on different sites that may be hosted on the same IP address, or routed by a reverse proxy that examines the host header. But in this instance Burp hides the cert on the server from the browser, and we see a dynamically issued cert from the Burp CA instead.

There are workarounds such as resolving the domain names and manipulating hosts files, then using the browser, but these are inelegant. It would be nice if we had a lock icon, or something similar to the browsers, that let us view the certificate on the origin / actual server when proxying traffic through Burp.

Thank you,
Zack

Michelle, PortSwigger Agent | Last updated: Feb 18, 2022 02:45PM UTC

Thanks for your message. If you go to Project Options -> TLS -> Server TLS certificates, would this give you all the information you are looking for on the TLS certificates that Burp has received from web servers?
