Redhalo

How to send Python HTTP requests Through Burp Suite proxy

Time needed: 10 minutes.

Playing with Hack The Box requires to use python exploits and scripts to come to its end and get root. It may happen that you need to edit, troubleshoot and debug Python programs that interact with websites using the Requests module. We can redirect the traffic generated to the Burp proxy and make sure it is sending the correct data.

  1. Download the certificat from Burp Suite url

    Open your web browser and go to http://burpsuite.
    Click on “CA Certificate” button on the top right corner and save the certificate locally.

    downloading burp suite certificate

  2. Convert the certificate to PEM encoded format

    The certificate downloaded is DER formated and needs to be PEM encoded.
    You need to run the following command:
    openssl x509 -inform der -in cacert.der -out certificate.pem

  3. Edit your python code

    Edit your python code with the following lines just below the import of Requests and OS modules:

    proxy = ‘127.0.0.1:8080’
    os.environ[‘http_proxy’] = proxy
    os.environ[‘HTTP_PROXY’] = proxy
    os.environ[‘https_proxy’] = proxy
    os.environ[‘HTTPS_PROXY’] = proxy
    os.environ[‘REQUESTS_CA_BUNDLE’] = “/path/to/cert/cacert.pem”

    edit pyhton code

  4. Run your script

    Ensure that burp is intercepting traffic then run your script as usual.
    Now all your HTTP requests are routed to Burp!