Burp’s functionality extends well beyond the usefulness of the tools included within the suite. One such way in which we have used Burp Suite here at SecureState is to use it as a HTTP Proxy for other tools that don’t support connecting to web applications that require a client-side certificate. Fortunately, Burp handles this pretty well. For this example, we will use the web application scanner, Nikto. Nikto is not proxy-aware and has no way to specify one. Additionally, it cannot be configured to directly connect to web applications that require client-side certificates. With a combination of Burp Suite and proxychains, this is doable.
Configuring Burp to Use Client-Side Certificates
1) Options > SSL : Check the box to “Allow unsafe SSL renegotiation”
2) Check the box to “Choose file …” underneath “Client SSL Certificate”
3) Type in the passphrase on the certificate
4) The box for “Use client SSL Certificate” should REMAIN checked. If not, the passphrase is wrong.
5) If you are running tools from a Virtual Machine, or another system, adjust your proxy settings to bind to all interfaces as needed:
6) Open your browser (which should be configured to use Burp) and browse to the web application to ensure that you can connect and the client-side certificate is working properly.
Configuring Proxychains for Non-Proxy Aware Applications:
Proxychains comes included with Backtrack, but can also be downloaded via SourceForge for Linux/Unix operating systems.
Modify the /etc/proxychains.conf file:
Go to the very bottom and comment out, or remove, the line “socks4 127.0.0.1 9050”
On the next line, add “http <IP Address of Burp system> 8080”
Browse to your Nikto directory and run it by typing your normal command with “proxychains” in front of it.
root@bt:/pentest/web/nikto# proxychains perl nikto.pl -host <ip address> -vhost <dns hostname> -ssl -port 443 |tee -a nikto_results.txt
You can turn Intercept on or look at the proxy history in Burp to verify that is working- look for the Nikto user-agent.
While this example doesn’t use Burp to identify web application vulnerabilities directly, it is a great way to illustrate how some of the included features and functionality can be leveraged in other ways, allowing the security tester to be more flexible during assessments.