How to send Python HTTP requests Through Burp Suite proxy
Time needed: 10 minutes.
Playing with Hack The Box requires to use python exploits and scripts to come to its end and get root. It may happen that you need to edit, troubleshoot and debug Python programs that interact with websites using the Requests module. We can redirect the traffic generated to the Burp proxy and make sure it is sending the correct data.
- Download the certificat from Burp Suite url
Open your web browser and go to http://burpsuite.
Click on “CA Certificate” button on the top right corner and save the certificate locally.
- Convert the certificate to PEM encoded format
The certificate downloaded is DER formated and needs to be PEM encoded.
You need to run the following command:
openssl x509 -inform der -in cacert.der -out certificate.pem
- Edit your python code
Edit your python code with the following lines just below the import of Requests and OS modules:
proxy = ‘127.0.0.1:8080’
os.environ[‘http_proxy’] = proxy
os.environ[‘HTTP_PROXY’] = proxy
os.environ[‘https_proxy’] = proxy
os.environ[‘HTTPS_PROXY’] = proxy
os.environ[‘REQUESTS_CA_BUNDLE’] = “/path/to/cert/cacert.pem”
- Run your script
Ensure that burp is intercepting traffic then run your script as usual.
Now all your HTTP requests are routed to Burp!