Fake Verifying SSL Certificate by Burp Suite

Disclaimer

This guide is for educational purposes only. Any acts of hacking taught here are for ethical hacking. Any hacking actions done without the owner's permission are considered illegal by law. Hence, practice on your own network structure and your own devices.

Burp Suite is an integrated platform for performing security testing of web applications. Its various tools work seamlessly together to support the entire testing process, from initial mapping and analysis of an application’s attack surface, through to finding and exploiting security vulnerabilities. Here, I will explain how to change the PortSwigger certificate so that it looks like an actual SSL certificate. Follow these steps:

1. Generate a private key and a self-signed certificate by running this OpenSSL command:

openssl req -newkey rsa:2048 -nodes -keyout key.pem -x509 -days 365 -out certificate.pem

2. Then enter the data requested. To keep it simple, just enter the name of an SSL certificate company, such as Verisign Corp.

To review the certificate, run:

openssl x509 -text -noout -in certificate.pem

3. Then combine the generated key and the certificate into a PKCS#12 bundle by running:

openssl pkcs12 -inkey key.pem -in certificate.pem -export -out certificate.p12

Remember the password you set, as it will be used later.

4. Then validate the P12 file:

openssl pkcs12 -in certificate.p12 -noout -info

5. Import the CA certificate into Burp Suite by going to the Proxy tab -> Options -> click “Import/Export CA Certificate” -> choose “Certificate and Private key from PKCS#12 keystore”. Then enter the password you set earlier.

6. In the browser settings, find “Certificate”, then “View Certificates…”

7. Import the “certificate.pem” file that was generated earlier, then check “Trust this CA to identify websites”.

Done.

You can check it by clicking the padlock icon beside the URL and seeing whether the verified name changes.
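
To see from the defender's side what the name behind the padlock is worth, the following added example (not part of the original post) identifies a certificate by its SHA-256 fingerprint and flags self-signed certificates that are not on a pin list. The function names, the pin-file format and the `-subj` sample certificate are assumptions for illustration; it requires the openssl CLI.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes the openssl CLI.

# SHA-256 fingerprint of a PEM certificate: the value to pin and compare.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# True when subject equals issuer and the certificate verifies against itself.
is_self_signed() {
    subj=$(openssl x509 -in "$1" -noout -subject | sed 's/^subject=//')
    iss=$(openssl x509 -in "$1" -noout -issuer | sed 's/^issuer=//')
    [ "$subj" = "$iss" ] && openssl verify -CAfile "$1" "$1" >/dev/null 2>&1
}

# Classify a certificate against a pin file (one fingerprint per line).
# The subject name is ignored on purpose: it is whatever was typed in.
audit_root() {
    fp=$(cert_fingerprint "$1")
    [ -n "$fp" ] || { echo "unreadable"; return 0; }
    if grep -qixF "$fp" "$2" 2>/dev/null; then echo "pinned"
    elif is_self_signed "$1"; then echo "unpinned-self-signed"
    else echo "unpinned"
    fi
}

# Constructed sample input: the page's openssl req command, with the
# organisation name passed via -subj instead of typed at the prompt.
make_sample_cert() {
    openssl req -newkey rsa:2048 -nodes -keyout "$1.key" -x509 -days 365 \
        -subj "/O=Verisign Corp" -out "$1" 2>/dev/null
}

demo() {
    dir=$(mktemp -d) && : > "$dir/pins.txt"
    make_sample_cert "$dir/a.pem" && make_sample_cert "$dir/b.pem"
    for c in a b; do   # same name, different keys, different fingerprints
        echo "$c: $(cert_fingerprint "$dir/$c.pem") $(audit_root "$dir/$c.pem" "$dir/pins.txt")"
    done
    rm -rf "$dir"
}
demo
```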
