SongShuA

SongShuA

胸中梦黄粱,手握自在心 一个充满想法的网络安全从业人员 A person with dreams in their heart and the ability to control their own destiny, who is a creative professional in the field of cybersecurity.
github
HomeArchives

Some pitfalls to remember when using burp

#burp242
AI Translation
This post is translated from Chinese into English through AI.View Original
AI-generated summary
The article discusses some issues encountered while using Burp, a web application security testing tool, on different browsers such as 360 browser, Edge, and IE. The author provides solutions to problems such as the inability to export certificates and certificates not working after successful import. Additionally, the author suggests a solution for text drifting issues that may occur when using the latest version of Burp.

Title: Some Pitfalls of Using Burp

Date: 2020-06-08 16:14

I just got a new computer and had to reinstall a bunch of stuff. When I installed Burp, I encountered some issues, so I'm writing them down here.

Browsers:

360 Speed Browser

Edge Browser

IE Browser

Burp Version: v2020.2.1

The first issue was that I couldn't export the certificate. The proxy was working fine and I could capture packets, but I couldn't access http://burp. Then I thought that maybe it was a bug caused by too many modifications made by 360 browser, so I switched to Edge (after all, it's the son of Microsoft). Even after setting up the proxy, I still couldn't access it.

Solution:

  1. Set up the proxy in Internet Options and use IE browser to access it. (Although I didn't want to, it worked.)

  2. Use the built-in export function in Burp to export the certificate directly.

1800663278.png

(Remember to change the file extension when exporting.)

The second issue was that the certificate didn't work after successfully importing it.

I've encountered this issue before, and it magically resolved itself. But since it was still a problem, I decided to investigate it further. At first, I thought it was caused by this:

3569883240.png

However, clearing it didn't have any effect. I checked the certificate location multiple times, and it was indeed in the trusted area. Finally, I found a "blind spot" in the certificate list. There were two identical PortSwigger CA certificates, but one could be deleted while the other had the delete option grayed out. So, I speculated that the certificate that couldn't be deleted was installed under certain circumstances (possibly a bug), and the second one was installed by myself. Therefore, the problem should be with the certificate that couldn't be deleted.

Solution:

  1. Run cmd and enter mmc.

3483237941.png

  1. Select "Add/Remove Snap-in" and add the certificate option.

1066693134.png

29816462.png

  1. In this window, you can delete the certificate that couldn't be deleted.

716612937.png

  1. After deleting it, follow the usual certificate installation method (I added it to the Intermediate Certificate first, then exported it and installed it in the Trusted Certificate).

That's it.

The more I write, the more I want to omit. Goo goo goo!

2021

Here's another one. After capturing packets with the new version of Burp, the body of the request may appear shifted. Most people improve it by adjusting the font and size, but that's just a temporary fix. The correct method is to go into JAVA (or JRE), right-click on java.exe or javaw.exe, select compatibility options, uncheck DPI scaling, and choose system options.

Loading...
Ownership of this post data is guaranteed by blockchain and smart contracts to the creator alone.