Hengky Sanjaya Blog

Hengky Sanjaya Blog helps you to learn more from my understanding in my university

Creating SSL Certificate Burp Suite

Ethical Hacking and Penetration Testing - COMP6210 | Binus International

This tutorial is 100% for educational purposes only. Any time the word “Hacking” is used on this site, it shall be regarded as Ethical Hacking. Do not attempt to violate the law with anything contained here. If you plan to use the content for illegal purposes, then please leave this site immediately! We will not be responsible for any of your illegal actions.

To make a certificate appear legitimate, in this case changing “verified by PortSwigger” to “verified by Verisign Corp”, there are 3 steps:

  • Generate the private key and public certificate
  • Import the CA certificate into Burp Suite
  • Import the certificate into the browser

  • Generate the private key and public certificate

As the first step, we need to generate a private key and a self-signed public certificate by running this OpenSSL command:

openssl req -newkey rsa:2048 -nodes -keyout key.pem -x509 -days 365 -out certificate.pem

OpenSSL will then prompt for the certificate details; make sure the data is entered correctly.

To review the certificate run the command:

openssl x509 -text -noout -in certificate.pem

To combine the key and certificate in a PKCS#12 (P12) bundle run:

openssl pkcs12 -inkey key.pem -in certificate.pem -export -out certificate.p12

Then to validate the P12 file, we can run this command:

openssl pkcs12 -in certificate.p12 -noout -info
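The same OpenSSL steps in non-interactive form, with the checks worth running before the bundle is imported into Burp Suite. This is an added example, not part of the original post. The subject, the password, the temporary directory and the helper function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: the tutorial's openssl steps without prompts, plus sanity checks.
# Subject, password and function names are constructed lab values (assumptions).

make_lab_ca() {  # $1=dir  $2=subject  $3=PKCS#12 export password
    openssl req -newkey rsa:2048 -nodes -keyout "$1/key.pem" -x509 -days 365 \
        -subj "$2" -out "$1/certificate.pem" 2>/dev/null || return 1
    openssl pkcs12 -inkey "$1/key.pem" -in "$1/certificate.pem" -export \
        -passout "pass:$3" -out "$1/certificate.p12" 2>/dev/null || return 1
    chmod 600 "$1/key.pem" "$1/certificate.p12"  # this key can sign for any site once the CA is trusted
}

key_matches_cert() {  # $1=dir; succeeds only if key.pem and certificate.pem share a public key
    cert_pub=$(openssl x509 -in "$1/certificate.pem" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$1/key.pem" -pubout) || return 1
    [ "$cert_pub" = "$key_pub" ]
}

p12_opens() {  # $1=dir  $2=password; succeeds only if the bundle opens with that password
    openssl pkcs12 -in "$1/certificate.p12" -noout -passin "pass:$2" >/dev/null 2>&1
}

issuer_org() {  # $1=dir; prints the issuer Organization (O) field of the certificate
    openssl x509 -in "$1/certificate.pem" -noout -issuer -nameopt RFC2253 |
        tr ',' '\n' | sed -n 's/^\(issuer= *\)\{0,1\}O=//p'
}

cert_fingerprint() {  # $1=dir; prints the SHA-256 fingerprint as colon-separated hex
    openssl x509 -in "$1/certificate.pem" -noout -fingerprint -sha256 | cut -d= -f2
}

# Demo run in a throwaway directory
demo_dir=$(mktemp -d)
demo_subj="/C=ID/O=Example Lab Proxy CA/CN=Example Lab Proxy Root"
if make_lab_ca "$demo_dir" "$demo_subj" "constructed-lab-password" &&
   key_matches_cert "$demo_dir" && p12_opens "$demo_dir" "constructed-lab-password"; then
    echo "issuer O : $(issuer_org "$demo_dir")"
    echo "sha256   : $(cert_fingerprint "$demo_dir")"
else
    echo "certificate bundle failed verification" >&2
fi
rm -rf "$demo_dir"
```

Record the printed fingerprint: it identifies this CA in the browser's certificate manager when the test CA is removed after testing.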

  • Import the CA certificate into Burp Suite

After the certificate has been created successfully, the next step is to import the CA certificate into Burp Suite. Go to the Proxy tab -> Options -> then click the button “Import / Export CA Certificate”. Choose “Certificate and private key from PKCS#12 keystore”.

After selecting the file, enter the password that we set in the previous step when exporting the PKCS#12 bundle.

A message will appear in the window when the certificate is imported successfully.

  • Import the certificate into the browser

This tutorial uses Firefox as the browser. Go to Preferences -> find “Certificate”. You will then see a button “View Certificates..”

Then click the Import button.

Choose the “certificate.pem” file.

Check the first checkbox “Trust this CA to identify websites”. Then click “OK”.

Result

Now, when we search for anything or go to any URL in the web browser, there will be no more SSL warnings and the certificate will show as verified by Verisign Corp.
