This isn’t going to be an earth shattering post of supreme l33t-ness, just a quick note so I don’t forget how to do this:
If you want to get the Bouncy Castle provider working in Ubuntu – so you can do things like, say, update the cacerts.bks on an Android device with the PortSwiggerCA.crt to MiTM SSL traffic from a mobile device – you need to do the following things:
- Download the Bouncy Castle Provider of your choice. As of this post, the version I’m using is here.
- Put the .jar file in the following directory:
- Add the following to /
- Run the following command:
keytool -keystore cacerts.bks -storetype BKS -provider org.bouncycastle.jce.provider.BouncyCastleProvider -storepass changeit -importcert -trustcacerts -alias PortSwiggerCA -file PortSwiggerCA.crt
For completeness, the cacerts.bks file can be pulled off the Android device using:
adb pull /system/etc/security/cacerts.bks
You’ll need to remount the /system file system as read-write to push the modified one back, you can do that using the following command (from the adb shell):
# mount -o rw,remount /dev/block/system /system
A side note: it seems that IE9 and Chromium browser have decided to disallow the export of untrusted CA certificates (Older Firefox still allows it, but newer ones may not – I didn’t check). As a result, you may have difficulty getting a copy of the PortSwiggerCA.crt file. If you find yourself in that situation, you’re mostly screwed – unless you have the pro version of Burp, which has an export option.