Burp Suite Proxy and a Java application

Time: 2018-05-03 14:18:29

Tags: java truststore burp

I have a Java application that accepts proxy settings.

  1. I exported the certificate from Burp Suite

  2. Imported this certificate into the Java keystore using keytool:

    keytool -import -trustcacerts -file ~/cacert_7.der -alias BURPSUITE -keystore /home/dmitriy/Test/java/lib/security/cacerts -storepass

  3. Then checked that it was added:

    keytool -keystore /home/dmitriy/Test/java/lib/security/cacerts -list -storepass 
    
    burp, 03.05.2018, trustedCertEntry, 
    Certificate fingerprint (SHA1): 0A:3E:E0:C0:73:E6:0E:D9:5C:8F:0A:CC:31:E1:33:37:55:2A:85:BF
    
  4. Ran my application:

    java -jar Chameleon.jar -Djavax.net.ssl.trustStore=/home/dmitriy/Test/java/lib/security/cacerts -Djavax.net.ssl.trustStorePassword=***
    
  5. But I still get the error:

    sun.security.validator.ValidatorException: No trusted certificate found
    

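I imported this certificate into the browser and it works fine, but there is a problem with my Java file.

    java -version
    java version "1.8.0_131"
    Java(TM) SE Runtime Environment (build 1.8.0_131-b11)
    Java HotSpot(TM) 64-Bit Server VM (build 25.131-b11, mixed mode)

I tried using Fiddler and got the following error:

    The server (host.com) presented a certificate that did not validate, due to RemoteCertificateChainErrors.

    0 - PartialChain

    ISSUER: CN=RapidSSL SHA256 CA, O=GeoTrust Inc., C=US

Update

When running with the parameter -Djavax.net.debug=all: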

    adding as trusted cert:
      Subject: CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US
      Issuer:  OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US
      Algorithm: RSA; Serial number: 0x1be715
      Valid from Wed Jan 01 09:00:00 EET 2014 until Fri May 30 10:00:00 EEST 2031
    
    adding as trusted cert:
      Subject: CN=RapidSSL CA, O="GeoTrust, Inc.", C=US
      Issuer:  CN=GeoTrust Global CA, O=GeoTrust Inc., C=US
      Algorithm: RSA; Serial number: 0x236d1
      Valid from Sat Feb 20 00:45:05 EET 2010 until Wed Feb 19 00:45:05 EET 2020
    
    Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_GCM_SHA384
    Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
    Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
    Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_GCM_SHA256
    Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
    Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
    Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
    Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
    Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
    Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
    Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
    Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256
    Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
    Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_GCM_SHA256
    Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
    Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_GCM_SHA384
    Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
    Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
    Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
    Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
    Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
    Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
    Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
    Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
    Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
    Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
    Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
    Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
    

I tried regenerating the certificate with the "Use custom protocols and ciphers" option, but the certificate is still not trusted:

    Owner: CN=PortSwigger CA, OU=PortSwigger CA, O=PortSwigger, L=PortSwigger, ST=PortSwigger, C=PortSwigger
    Issuer: CN=PortSwigger CA, OU=PortSwigger CA, O=PortSwigger, L=PortSwigger, ST=PortSwigger, C=PortSwigger
    Serial number: 536e02a9
    Valid from: Sat May 10 13:42:49 EEST 2014 until: Mon May 10 13:42:49 EEST 2038
    Certificate fingerprints:
         MD5:  FC:8B:C8:A1:9E:92:08:33:F2:0B:34:F1:48:85:D0:BB
         SHA1: 21:C3:01:1C:9E:7C:06:92:2E:A9:B7:38:12:3B:3D:8E:FA:39:72:17
         SHA256: 36:EE:79:A9:7A:5E:4E:E5:4C:8B:5E:AD:6B:9C:2F:A8:EA:63:A6:65:44:9E:4B:20:5E:DE:EA:37:32:FB:C5:96
    Signature algorithm name: SHA256withRSA
    Subject Public Key Algorithm: 2048-bit RSA key
    Version: 3
    
    Extensions: 
    
    #1: ObjectId: 2.5.29.19 Criticality=true
    BasicConstraints:[
      CA:true
      PathLen:0
    ]
    
    #2: ObjectId: 2.5.29.14 Criticality=false
    SubjectKeyIdentifier [
    KeyIdentifier [
    0000: D1 92 05 BB 78 6B 76 71   64 92 E2 F9 9A C8 81 CA  ....xkvqd.......
    0010: E1 71 BF 81                                        .q..
    ]
    ]
    

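Update 2:

The problem was with trustcacerts: this file is inside the jar archive. So I took this file out of the jar, imported my certificate into it, then moved it back and started the application.

2 answers:

Answer 0 (score: 0)

Here is some sample code I can give you, showing how I did this a while ago. It is actually a more complex case, because we use a conduit and have both a trust store and a key store at the same time.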

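    // Imports needed by the two methods below, which are members of the client class.
    import java.io.IOException;
    import java.io.InputStream;
    import java.security.KeyManagementException;
    import java.security.KeyStore;
    import java.security.KeyStoreException;
    import java.security.NoSuchAlgorithmException;
    import java.security.SecureRandom;
    import java.security.UnrecoverableKeyException;
    import java.security.cert.CertificateException;
    import javax.net.ssl.KeyManagerFactory;
    import javax.net.ssl.SSLContext;
    import javax.net.ssl.TrustManagerFactory;
    // Apache CXF classes used for the HTTP conduit.
    import org.apache.cxf.configuration.jsse.TLSClientParameters;
    import org.apache.cxf.endpoint.Client;
    import org.apache.cxf.frontend.ClientProxy;
    import org.apache.cxf.transport.http.HTTPConduit;
    import org.apache.cxf.transports.http.configuration.HTTPClientPolicy;
    // Assumption: Apache Commons Lang 3; the answer does not say which StringUtils it uses.
    import org.apache.commons.lang3.StringUtils;

    // Attach a custom SSLContext to the conduit of the web-service port.
    private void intitializeTransportSecurity() throws ClientException {
        if (StringUtils.isNotEmpty(clientConfiguration.getTransportCertKeystore())) {
            final Client client = ClientProxy.getClient(this.port);
            final HTTPConduit httpConduit = (HTTPConduit) client.getConduit();
            TLSClientParameters parameters = new TLSClientParameters();
            parameters.setSSLSocketFactory(createSSLContext().getSocketFactory());
            httpConduit.setTlsClientParameters(parameters);
            HTTPClientPolicy httpClientPolicy = new HTTPClientPolicy();
            httpConduit.setClient(httpClientPolicy);
        }
    }

    // Build an SSLContext from a trust store (server CAs) and a key store (client certificate),
    // both loaded from the classpath rather than from the JVM default cacerts.
    private SSLContext createSSLContext() throws ClientException {
        try {
            // Server: certificates this client trusts
            KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
            trustStore.load(WsClient.class.getClassLoader().getResourceAsStream("certs/webserver.jks"),
                    KEYSTORE_PASSWORD.toCharArray());

            // Client: certificate and private key presented to the server
            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            InputStream is = WsClient.class.getClassLoader().getResourceAsStream(clientConfiguration.getTransportCertKeystore());
            keyStore.load(is, clientConfiguration.getTransportKeyStorePassword().toCharArray());
            TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            tmf.init(trustStore);
            KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            kmf.init(keyStore, clientConfiguration.getTransportKeyStorePassword().toCharArray());
            SSLContext sslContext = SSLContext.getInstance("TLSv1.2");
            sslContext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), new SecureRandom());
            return sslContext;
        } catch (final KeyStoreException | NoSuchAlgorithmException | IOException | CertificateException | UnrecoverableKeyException | KeyManagementException e) {
            throw new ClientException(e.getMessage(), e);
        }
    }

Answer 1 (score: 0)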

答案 1 :(得分:0)

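It looks like you have followed the correct procedure, as detailed in this article:

However, your java arguments are in the wrong order. The command to run your application should look like this:

    java -Djavax.net.ssl.trustStore=/home/dmitriy/Test/java/lib/security/cacerts -Djavax.net.ssl.trustStorePassword=* -jar Chameleon.jar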
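
The argument-order point above can be checked from inside the JVM with a small diagnostic; this is an added example, not code from the question or either answer, and it inspects only the JVM default trust store, so an application that loads its own store from inside the jar (as in Update 2) is not affected by what it reports. The class name TrustStoreCheck is hypothetical, and the "PortSwigger" match is taken from the certificate subject in the keytool output on this page.

```java
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.X509Certificate;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

// Hypothetical diagnostic class (the name is an assumption, not from the page).
// Compare:  java -Djavax.net.ssl.trustStore=<path> TrustStoreCheck
//    with:  java TrustStoreCheck -Djavax.net.ssl.trustStore=<path>
public class TrustStoreCheck {
    public static void main(String[] args) throws Exception {
        // A -D option placed after the class name or after "-jar app.jar" is
        // never turned into a system property; it arrives here as a plain argument.
        for (String a : args) {
            if (a.startsWith("-D")) {
                int eq = a.indexOf('=');
                // Print only the key so a trust store password is not echoed.
                System.out.println("Program argument, ignored by the JVM: "
                        + (eq < 0 ? a : a.substring(0, eq)));
            }
        }
        System.out.println("javax.net.ssl.trustStore = "
                + System.getProperty("javax.net.ssl.trustStore"));

        // init((KeyStore) null) loads the JVM default trust store, which honours
        // javax.net.ssl.trustStore only when that property is really set.
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null);
        boolean found = false;
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (!(tm instanceof X509TrustManager)) continue;
            for (X509Certificate ca : ((X509TrustManager) tm).getAcceptedIssuers()) {
                String subject = ca.getSubjectX500Principal().getName();
                if (subject.contains("PortSwigger")) {
                    found = true;
                    System.out.println("Trusted: " + subject + " SHA1=" + sha1(ca));
                }
            }
        }
        if (!found) System.out.println("No PortSwigger CA in the default trust store");
    }

    // SHA-1 fingerprint in the colon-separated form that keytool -list prints.
    static String sha1(X509Certificate c) throws Exception {
        byte[] d = MessageDigest.getInstance("SHA-1").digest(c.getEncoded());
        StringBuilder sb = new StringBuilder();
        for (byte b : d) sb.append(sb.length() == 0 ? "" : ":").append(String.format("%02X", b));
        return sb.toString();
    }
}
```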