This isn’t going to be an earth shattering post of supreme l33t-ness, just a quick note so I don’t forget how to do this:
If you want to get the Bouncy Castle provider working in Ubuntu – so you can do things like, say, update the cacerts.bks on an Android device with the PortSwiggerCA.crt to MiTM SSL traffic from a mobile device – you need to do the following things:
- Download the Bouncy Castle Provider of your choice. As of this post, the version I’m using is here.
- Put the .jar file in the following directory:
/usr/lib/jvm/java-6-sun/jre/lib/ext - Add the following to /
usr/lib/jvm/java-6-sun/jre/lsecurity/java.security:
security.provider.9=org.bouncycastle.jce.provider.BouncyCastleProvider - Run the following command:
keytool -keystore cacerts.bks -storetype BKS -provider org.bouncycastle.jce.provider.BouncyCastleProvider -storepass changeit -importcert -trustcacerts -alias PortSwiggerCA -file PortSwiggerCA.crt
For completeness, the cacerts.bks file can be pulled off the Android device using:
adb pull /system/etc/security/cacerts.bksYou’ll need to remount the /system file system as read-write to push the modified one back, you can do that using the following command (from the adb shell):
# mount -o rw,remount /dev/block/system /systemA side note: it seems that IE9 and Chromium browser have decided to disallow the export of untrusted CA certificates (Older Firefox still allows it, but newer ones may not – I didn’t check). As a result, you may have difficulty getting a copy of the PortSwiggerCA.crt file. If you find yourself in that situation, you’re mostly screwed – unless you have the pro version of Burp, which has an export option.