Redhalo

Time needed: 10 minutes.

Playing with Hack The Box requires to use python exploits and scripts to come to its end and get root. It may happen that you need to edit, troubleshoot and debug Python programs that interact with websites using the Requests module. We can redirect the traffic generated to the Burp proxy and make sure it is sending the correct data.

1. Download the certificat from Burp Suite url

   Open your web browser and go to http://burpsuite.
   Click on “CA Certificate” button on the top right corner and save the certificate locally.
   
   

2. Convert the certificate to PEM encoded format

   The certificate downloaded is DER formated and needs to be PEM encoded.
   You need to run the following command:
   openssl x509 -inform der -in cacert.der -out certificate.pem
   
   

3. Edit your python code

   Edit your python code with the following lines just below the import of Requests and OS modules:
   
   proxy = ‘127.0.0.1:8080’
   os.environ[‘http_proxy’] = proxy
   os.environ[‘HTTP_PROXY’] = proxy
   os.environ[‘https_proxy’] = proxy
   os.environ[‘HTTPS_PROXY’] = proxy
   os.environ[‘REQUESTS_CA_BUNDLE’] = “/path/to/cert/cacert.pem”
   
   

4. Run your script

   Ensure that burp is intercepting traffic then run your script as usual.
   Now all your HTTP requests are routed to Burp!