{"id":21,"date":"2015-12-02T05:17:00","date_gmt":"2015-12-02T05:17:00","guid":{"rendered":"https:\/\/freezion.com\/?p=21"},"modified":"2015-12-02T05:17:00","modified_gmt":"2015-12-02T05:17:00","slug":"adding-burpsuite-ca-to-the-java-keystore","status":"publish","type":"post","link":"https:\/\/freezion.com\/?p=21","title":{"rendered":"Adding BurpSuite CA To The Java Keystore"},"content":{"rendered":"<p>Just a quick tech note for my own reference in the future.<br \/>\nWhile testing a Java based thick client, I discovered the developers had left an option to set a proxy right inside the app (handy!). That meant I could throw all the app traffic through BurpSuite, and manipulate it as I wished.<\/p>\n<p>The problem I ran into was that Java didn&#8217;t trust the Burp CA. To get around that, I needed to add the CA to the default Java keystore. That turned out to be simple enough; the main thing to know was where the Java keystore is stored: \u00a0\u00a0 <code>$JAVA_HOME\/jre\/lib\/security\/cacerts<\/code><br \/>\nand what the password is: \u00a0\u00a0 <code>changeit<\/code><\/p>\n<p>Once I had those, importing was painless:<\/p>\n<pre>$ keytool -import -trustcacerts -file ~\/burp.cer -alias BURPSUITE -keystore $JAVA_HOME\/jre\/lib\/security\/cacerts\n\nEnter keystore password: changeit\n\nOwner: CN=PortSwigger CA, OU=PortSwigger CA, O=PortSwigger, L=PortSwigger, ST=PortSwigger, C=PortSwigger\nIssuer: CN=PortSwigger CA, OU=PortSwigger CA, O=PortSwigger, L=PortSwigger, ST=PortSwigger, C=PortSwigger\nSerial number: 563a4f3e\nValid from: Wed Nov 04 13:32:30 EST 2015 until: Tue Oct 30 14:32:30 EDT 2035\nCertificate fingerprints:\n        MD5:  AF:5E:1C:E9:D5:18:4B:EC:7D:E3:6C:C7:91:BE:11:F0\n        SHA1: D5:5E:D4:2B:BC:4D:D0:0F:A2:04:97:AC:B8:1E:EB:DA:95:94:60:DB\n        SHA256: 73:F6:FF:6B:63:9C:E6:80:86:A3:63:C6:C5:08:77:F1:69:DA:71:34:4A:E5:7E:1B:33:5A:4B:F4:FD:1F:E1:6\nB\n        Signature algorithm name: SHA256withRSA\n        Version: 3\n\nExtensions:\n\n#1: 
ObjectId: 2.5.29.19 Criticality=true\nBasicConstraints:[\n CA:true\n PathLen:0\n]\n\n#2: ObjectId: 2.5.29.14 Criticality=false\nSubjectKeyIdentifier [\nKeyIdentifier [\n0000: 20 1C 1C 67 C2 21 B5 73   21 88 E2 77 6C 1D 2E 80   ..g.!.s!..wl...\n0010: 97 8E B2 D7                                        ....\n]\n]\n\nTrust this certificate? [no]:  yes\nCertificate was added to keystore<\/pre>\n","protected":false},"excerpt":{"rendered":"<p>Just a quick tech note for my own reference in the future. While testing a Java based thick client,&hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[11,28,31],"class_list":["post-21","post","type-post","status-publish","format-standard","hentry","category-hacking","tag-crypto","tag-java","tag-keystore"],"_links":{"self":[{"href":"https:\/\/freezion.com\/index.php?rest_route=\/wp\/v2\/posts\/21","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/freezion.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/freezion.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/freezion.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/freezion.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=21"}],"version-history":[{"count":0,"href":"https:\/\/freezion.com\/index.php?rest_route=\/wp\/v2\/posts\/21\/revisions"}],"wp:attachment":[{"href":"https:\/\/freezion.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=21"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/freezion.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=21"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/freezion.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=21"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}