
BurpSuite Integration

gilfoyle97 edited this page Nov 8, 2021 · 2 revisions

Normally you use Burpsuite within your browser, so you only have to trust Burpsuite's certificate in the browser and you're done.
To use cariddi with the Burpsuite proxy, you need to take a few further steps.

If you try to use cariddi with the option -proxy http://127.0.0.1:8080, you will find this error in the Burpsuite error log section: Received fatal alert: bad_certificate (or something similar related to the certificate).

To make cariddi work with Burpsuite you also have to trust the certificate across your entire PC, not only in the browser. These are the steps you have to follow:

  • Go to the Proxy tab in Burpsuite, then Options. Click on the CA Certificate button and export the certificate in DER format
  • openssl x509 -in burp.der -inform DER -out burp.pem -outform PEM
  • sudo chown root:root burp.pem
  • sudo chmod 644 burp.pem
  • sudo cp burp.pem /usr/local/share/ca-certificates/
  • sudo c_rehash
  • cd /etc/ssl/certs/
  • sudo ln -s /usr/local/share/ca-certificates/burp.pem
  • sudo c_rehash .

Source: Trust Burp Proxy certificate in Debian/Ubuntu

After these steps, in order to use cariddi with Burpsuite you have to:

  1. Open Burpsuite, making sure that the proxy is listening.
  2. Use cariddi with the flag -proxy http://127.0.0.1:8080.

You will see that requests and responses will be logged in Burpsuite.
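
Why the browser-only trust is not enough, as an added example (not code from cariddi or from this wiki): cariddi is a Go program, and Go's crypto/x509 validates the certificates the proxy mints per host against the system root store by default. The sketch assumes a constructed CA standing in for Burp's and an in-memory pool standing in for the system store; `VerifyViaProxy`, `issue`, `must` and the host name are hypothetical names.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// issue signs tmpl with the parent's private key and returns the parsed certificate.
func issue(tmpl, parent *x509.Certificate, pub *ecdsa.PublicKey, key *ecdsa.PrivateKey) *x509.Certificate {
	der := must(x509.CreateCertificate(rand.Reader, tmpl, parent, pub, key))
	return must(x509.ParseCertificate(der))
}

// VerifyViaProxy verifies a leaf minted by a constructed proxy CA (not Burp's real one)
// against an empty root pool, then again after that CA has been added to the pool.
func VerifyViaProxy(host string) (before, after error) {
	caKey := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	leafKey := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	from, to := time.Now().Add(-time.Hour), time.Now().Add(time.Hour)
	caTmpl := &x509.Certificate{SerialNumber: big.NewInt(1), NotBefore: from, NotAfter: to, IsCA: true,
		Subject: pkix.Name{CommonName: "Constructed Proxy CA"}, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign}
	leafTmpl := &x509.Certificate{SerialNumber: big.NewInt(2), NotBefore: from, NotAfter: to,
		Subject: pkix.Name{CommonName: host}, DNSNames: []string{host}, KeyUsage: x509.KeyUsageDigitalSignature}
	ca := issue(caTmpl, caTmpl, &caKey.PublicKey, caKey)
	leaf := issue(leafTmpl, ca, &leafKey.PublicKey, caKey) // what the proxy presents for host
	roots := x509.NewCertPool()                            // stands in for the system trust store
	opts := x509.VerifyOptions{Roots: roots, DNSName: host}
	_, before = leaf.Verify(opts)
	roots.AddCert(ca) // the effect of installing burp.pem system-wide
	_, after = leaf.Verify(opts)
	return before, after
}

func main() {
	fmt.Println(VerifyViaProxy("target.example")) // an error before the CA is trusted, <nil> after
}
```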