PEN Consultants Logo
Don’t Be a Victim: Find your weaknesses before the criminals do. PEN Consultants can help!
2018-09-15

Burp+SSLintercept with Kali+Docker+Java+Python+Browser

I couldn’t find a single source for setting this up, so I thought I would copy/paste my notes for others to reference. Feedback appreciated.

The goal is to proxy all http-80 and https-443 traffic in a docker/OS stack through Burp with (trusted) SSL intercept.

My Environment:

  • Host OS:
    • Kali v2018.3
    • Burp Suite Community Edition v1.7.35
    • Docker v17.05.0-ce
    • Openjdk 10.0.2, but also works on Java 10.0.2
    • Python 3.6.6
  • Docker OS:
    • Debian v9
    • Openjdk 10.0.2, but also works on Java 10.0.2

Notes:

  • root@host:~# will be used when showing host commands to run
  • root@docker:~# will be used when showing docker OS commands to run
  • Run everything as root

The Steps – Host OS:

Install Burp from the apt-get repo or from portswigger.net.

If you have trouble with this, you can Google how to install Burp.

Disable ipv6 to ensure IP/port bindings are compatible with everything else.

root@host:~# vi /etc/sysctl.conf
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1

Permanently set environment variables.

root@host:~# vi /etc/environment
export http_proxy=http://127.0.0.1:8080/
export https_proxy=http://127.0.0.1:8080/
export no_proxy="localhost,127.0.0.1,localaddress,.localdomain.com"
export HTTP_PROXY=http://127.0.0.1:8080/
export HTTPS_PROXY=http://127.0.0.1:8080/
export REQUESTS_CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt # used by python

Source the above into our shell on login

vi /root/.bashrc
source /etc/environment

Proxy apt requests

Note, this will cause problems with certs not validating, which I’ve been unable to solve as of yet. Skip it if not needed.

root@host:~# vi /etc/apt/apt.conf.d/95proxies
Acquire::http::proxy "http://127.0.0.1:8080/";
Acquire::https::proxy "https://127.0.0.1:8080/";

Tell Java to use the proxy.

root@host:~# echo $JAVA_HOME

The above should give you the path to Java’s home path such as

/usr/lib/jvm/java-10-openjdk-amd64″ or “/usr/share/java/jdk-10.0.2

root@host:~# vi [JAVA_HOME FROM ABOVE]/conf/net.properties
Example: vi /usr/lib/jvm/java-10-openjdk-amd64/conf/net.properties
# Make sure the following are uncommented and configured to:
http.proxyHost=127.0.0.1
http.proxyPort=8080
http.nonProxyHosts=localhost|127.*|[::1]
https.proxyHost=127.0.0.1
https.proxyPort=8080

Export the Burp CA Cert

  1. Go to the Proxy tab in Burp
  2. Go to the subtab, Options
  3. Click on the export CA Certificate button
  4. Export Certificate in DER format to /tmp/burp.der

Convert the CA Cert and drop it in the needed locations

root@host:~# cd /tmp/
root@host:~# openssl x509 -in burp.der -inform DER -out burp.pem -outform PEM
root@host:~# chown root:root burp.pem
root@host:~# chmod 644 burp.pem
root@host:~# cp burp.pem /usr/local/share/ca-certificates/burp.crt
root@host:~# c_rehash -v /usr/local/share/ca-certificates/.
root@host:~# update-ca-certificates

# Assuming the symlink is already present, these steps are not needed
root@host:~# cd /etc/ssl/certs/
root@host:~# sudo ln -s /usr/local/share/ca-certificates/burp.pem
root@host:~# sudo c_rehash -v .

# These likely not be needed either, but placing it here for future reference...
root@host:~# cd /usr/share/ca-certificate
root@host:~# cp /tmp/burp.pem burp.crt
root@host:~# dpkg-reconfigure ca-certificates
# select burp cert (should be top of list) and hit "ok"

Locate the Java certs location:

root@host:~# find / 2>/dev/null |grep /java/cacerts

In kali, it should be at /etc/ssl/certs/java/cacerts

root@host:~# keytool -importcert -alias startssl -keystore [THE CACERTS PATH FROM ABOVE] -storepass changeit -file /tmp/burp.pem
Then type "yes" and hit enter.

Don’t forget to import the burp cert into your browser. Google “install ca certificate in X” for Firefox or Chrome.

The Steps – Docker OS (mainly):

Setting the environment variables

This was supposed to set env variables in the docker image, but did not. Leaving it here until I figure that out…will update:

root@host:~# vi /etc/default/docker
export http_proxy=http://[HOST OS IP]:8080/
export https_proxy=http://[HOST OS IP]:8080/
export no_proxy="localhost,127.0.0.1,localaddress,.localdomain.com"
export HTTP_PROXY=http://[HOST OS IP]:8080/
export HTTPS_PROXY=http://1[HOST OS IP]:8080/

If the above does not work, add it to the docker image:

root@host:~# docker exec -it -u root [DOCKER NAME] /bin/bash
root@docker:~# vi /etc/environment
export http_proxy=http://[HOST OS IP]:8080/
export https_proxy=http://[HOST OS IP]:8080/
export no_proxy="localhost,127.0.0.1,localaddress,.localdomain.com"
export HTTP_PROXY=http://[HOST OS IP]:8080/
export HTTPS_PROXY=http://1[HOST OS IP]:8080/

Set the proxy for Java in docker

Find the path for Java’s “net.properties”:

root@docker:~# find / 2>/dev/null |grep net.properties

Assuming you don’t have vi, echo the proxy settings to the file:

root@docker:~# echo "http.proxyHost=[HOST OS IP]" >> /etc/java-8-openjdk/net.properties
root@docker:~# echo "http.proxyPort=8080" >> /etc/java-8-openjdk/net.properties
root@docker:~# echo "https.proxyHost=[HOST OS IP]" >> /etc/java-8-openjdk/net.properties
root@docker:~# echo "https.proxyPort=8080" >> /etc/java-8-openjdk/net.properties

Copy the Burp CA Cert to the docker container

root@host:~# docker ps -a

Copy the container ID.

Upload the cert to the docker container:

root@host:~# docker cp /tmp/burp.pem [CONTAINER ID]:/tmp

Tell Java (in docker) to trust the burp cert

root@docker:~# find / 2>/dev/null | grep /java/cacerts

It will most likely be: /etc/ssl/certs/java/cacerts
Use it below…

root@docker:~# keytool -importcert -alias startssl -keystore /etc/ssl/certs/java/cacerts -storepass changeit -file /tmp/burp.pem
Then type "yes" and hit enter

Commit docker changes

root@docker:~# docker commit [DOCKER NAME] [NEW IMAGE NAME]
root@docker:~# docker kill [OLD CONTAINER ID]
root@docker:~# docker rm [OLD CONTAINER ID]
root@host:~# reboot now

On startup (do every time):

Fire up Burp and do the following

  1. Disable intercept from proxy tab – alt (make it permanent): Settings > Proxy > Default Proxy state > Disable
  2. Set the interface to “all interfaces”, not just loopback, or your docker container will not be able to hit the port

If you are looking for a reliable and experienced offensive security service that provides Rock Solid Security, look no further than PEN Consultants for all your information and cybersecurity testing needs. Contact us: https://penconsultants.com/contact-us/

magnifiercrosschevron-down