23Jun/090
Bypassing Java thick client SSL checks
x509 certificate generation
Generate the certificate using OpenSSL:-
$ openssl genrsa 1024 > foo.key $ openssl req -new -x509 -nodes -sha1 -days 7300 -key foo.key > foo.crt $ openssl pkcs12 -export -out foo.p12 -in foo.crt -inkey foo.key -name "your name"
You will need the .p12 file (contains key and certificate) to configure Burp. And the .crt file to add it to the Java keystore used by the client. Checkout Burp's help page for instructions on how to get the first done.
Create a Java keystore, import the certificate
Straightforward enough (just remember the password you entered):
keytool.exe -import -file foo.crt -keystore usefulfor.jks -alias burpcert
Run the application and point it to your keystore
java \ -Djavax.net.ssl.trustStore=usefulfor.jks \ -Djavax.net.ssl.trustStorePassword=password \ -Djavax.net.debug=all \ com.usefulfor.Demo
Other interesting properties that you may need in order to further tweak the SSL configuration are javax.net.ssl.keyStore and javax.net.ssl.keyStorePassword.
Popularity: 3% [?]