Burp+SSLintercept with Kali+Docker+Java+Python+Browser
I couldn’t find a single source for setting this up, so I thought I would copy/paste my notes for others to reference. Feedback appreciated.
The goal is to proxy all http-80 and https-443 traffic in a docker/OS stack through Burp with (trusted) SSL intercept.
My Environment:
- Host OS:
- Kali v2018.3
- Burp Suite Community Edition v1.7.35
- Docker v17.05.0-ce
- Openjdk 10.0.2, but also works on Java 10.0.2
- Python 3.6.6
- Docker OS:
- Debian v9
- Openjdk 10.0.2, but also works on Java 10.0.2
Notes:
- root@host:~# will be used when showing host commands to run
- root@docker:~# will be used when showing docker OS commands to run
- Run everything as root
The Steps – Host OS:
Install Burp from the apt-get repo or from portswigger.net.
If you have trouble with this, you can Google how to install Burp.
Disable ipv6 to ensure IP/port bindings are compatible with everything else.
root@host:~# vi /etc/sysctl.conf
net.ipv6.conf.all.disable_ipv6 = 1 net.ipv6.conf.default.disable_ipv6 = 1 net.ipv6.conf.lo.disable_ipv6 = 1
Permanently set environment variables.
root@host:~# vi /etc/environment
export http_proxy=http://127.0.0.1:8080/ export https_proxy=http://127.0.0.1:8080/ export no_proxy="localhost,127.0.0.1,localaddress,.localdomain.com" export HTTP_PROXY=http://127.0.0.1:8080/ export HTTPS_PROXY=http://127.0.0.1:8080/ export REQUESTS_CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt # used by python
Source the above into our shell on login
vi /root/.bashrc
source /etc/environment
Proxy apt requests
Note, this will cause problems with certs not validating, which I’ve been unable to solve as of yet. Skip it if not needed.
root@host:~# vi /etc/apt/apt.conf.d/95proxies
Acquire::http::proxy "http://127.0.0.1:8080/"; Acquire::https::proxy "https://127.0.0.1:8080/";
Tell Java to use the proxy.
root@host:~# echo $JAVA_HOME
The above should give you the path to Java’s home path such as
/usr/lib/jvm/java-10-openjdk-amd64″ or “/usr/share/java/jdk-10.0.2
root@host:~# vi [JAVA_HOME FROM ABOVE]/conf/net.properties Example: vi /usr/lib/jvm/java-10-openjdk-amd64/conf/net.properties
# Make sure the following are uncommented and configured to: http.proxyHost=127.0.0.1 http.proxyPort=8080 http.nonProxyHosts=localhost|127.*|[::1] https.proxyHost=127.0.0.1 https.proxyPort=8080
Export the Burp CA Cert
- Go to the Proxy tab in Burp
- Go to the subtab, Options
- Click on the export CA Certificate button
- Export Certificate in DER format to /tmp/burp.der
Convert the CA Cert and drop it in the needed locations
root@host:~# cd /tmp/ root@host:~# openssl x509 -in burp.der -inform DER -out burp.pem -outform PEM root@host:~# chown root:root burp.pem root@host:~# chmod 644 burp.pem root@host:~# cp burp.pem /usr/local/share/ca-certificates/burp.crt root@host:~# c_rehash -v /usr/local/share/ca-certificates/. root@host:~# update-ca-certificates # Assuming the symlink is already present, these steps are not needed root@host:~# cd /etc/ssl/certs/ root@host:~# sudo ln -s /usr/local/share/ca-certificates/burp.pem root@host:~# sudo c_rehash -v . # These likely not be needed either, but placing it here for future reference... root@host:~# cd /usr/share/ca-certificate root@host:~# cp /tmp/burp.pem burp.crt root@host:~# dpkg-reconfigure ca-certificates # select burp cert (should be top of list) and hit "ok"
Locate the Java certs location:
root@host:~# find / 2>/dev/null |grep /java/cacerts
In kali, it should be at /etc/ssl/certs/java/cacerts
root@host:~# keytool -importcert -alias startssl -keystore [THE CACERTS PATH FROM ABOVE] -storepass changeit -file /tmp/burp.pem Then type "yes" and hit enter.
Don’t forget to import the burp cert into your browser. Google “install ca certificate in X” for Firefox or Chrome.
The Steps – Docker OS (mainly):
Setting the environment variables
This was supposed to set env variables in the docker image, but did not. Leaving it here until I figure that out…will update:
root@host:~# vi /etc/default/docker
export http_proxy=http://[HOST OS IP]:8080/ export https_proxy=http://[HOST OS IP]:8080/ export no_proxy="localhost,127.0.0.1,localaddress,.localdomain.com" export HTTP_PROXY=http://[HOST OS IP]:8080/ export HTTPS_PROXY=http://1[HOST OS IP]:8080/
If the above does not work, add it to the docker image:
root@host:~# docker exec -it -u root [DOCKER NAME] /bin/bash root@docker:~# vi /etc/environment
export http_proxy=http://[HOST OS IP]:8080/ export https_proxy=http://[HOST OS IP]:8080/ export no_proxy="localhost,127.0.0.1,localaddress,.localdomain.com" export HTTP_PROXY=http://[HOST OS IP]:8080/ export HTTPS_PROXY=http://1[HOST OS IP]:8080/
Set the proxy for Java in docker
Find the path for Java’s “net.properties”:
root@docker:~# find / 2>/dev/null |grep net.properties
Assuming you don’t have vi, echo the proxy settings to the file:
root@docker:~# echo "http.proxyHost=[HOST OS IP]" >> /etc/java-8-openjdk/net.properties root@docker:~# echo "http.proxyPort=8080" >> /etc/java-8-openjdk/net.properties root@docker:~# echo "https.proxyHost=[HOST OS IP]" >> /etc/java-8-openjdk/net.properties root@docker:~# echo "https.proxyPort=8080" >> /etc/java-8-openjdk/net.properties
Copy the Burp CA Cert to the docker container
root@host:~# docker ps -a
Copy the container ID.
Upload the cert to the docker container:
root@host:~# docker cp /tmp/burp.pem [CONTAINER ID]:/tmp
Tell Java (in docker) to trust the burp cert
root@docker:~# find / 2>/dev/null | grep /java/cacerts
It will most likely be: /etc/ssl/certs/java/cacerts
Use it below…
root@docker:~# keytool -importcert -alias startssl -keystore /etc/ssl/certs/java/cacerts -storepass changeit -file /tmp/burp.pem Then type "yes" and hit enter
Commit docker changes
root@docker:~# docker commit [DOCKER NAME] [NEW IMAGE NAME] root@docker:~# docker kill [OLD CONTAINER ID] root@docker:~# docker rm [OLD CONTAINER ID] root@host:~# reboot now
On startup (do every time):
Fire up Burp and do the following
- Disable intercept from proxy tab - alt (make it permanent): Settings > Proxy > Default Proxy state > Disable
- Set the interface to “all interfaces”, not just loopback, or your docker container will not be able to hit the port
If you are looking for a reliable and experienced offensive security service that provides Rock Solid Security, look no further than PEN Consultants for all your information and cybersecurity testing needs. Contact us: https://penconsultants.com/contact-us/