Introduction and Background:
In the previous article of the series, we have discussed how to intercept HTTP/HTTPS traffic of Windows Phones. In this article, we will discuss how to intercept HTTP/HTTPS traffic of the Universal Windows Platform apps running on a Windows 10 computer.
Note: The sample application used in this article can be downloaded here:
Proxying HTTPS traffic:
We will begin with configuring our Windows 10 Desktop to send all it’s HTTP traffic to Burp Proxy. It is as simple as changing Edge browser’s proxy settings and point it to Burp Proxy. In my case, Burp is running on a Mac machine within the same network. So, I have to make sure that Burp has similar settings that are explained in the previous article. If you are running the target app and Burp Suite on the same machine, default burp settings are fine, and no additional settings are required for Burp.
Now, let’s launch our test application, and you should see the following screen.
Let me quickly explain what this app does.
- When you click Send HTTPS request button, the app will send a request to https://www.google.com.
- If the connection is successful, you will see a success message with response headers.
- If any exception occurs, the exception details will be displayed.
Let us click Send HTTPS request button, and we will be shown with the following message as we are using Burp Suite to intercept the traffic.
Following is the Exception shown in Visual Studio Console while running the app from Visual Studio.
A trusted certificate authority did not issue the security certificate presented by Burp Suite once again. The solution is same as what we have done in the previous article. We need to add Burp’s root CA certificate to your Windows machine’s trust store.
Let us first get the root CA certificate of burp onto our local machine.
Configure Firefox browser to send all its traffic to burp proxy. This looks as shown in the figure below.
Now, point your browser to some HTTPS website. In my case, it is https://www.oracle.com. This should look as shown below.
Click, Add Exception button in the above windows and you should see the following screen.
Click View, and you will see the following window.
Next, click details and choose PortSwigger CA and then click export. This looks as shown in the figure below.
Now, we have Burp’s root CA certificate on our machine. This has to be added to your Windows machine’s trust store.
We can do it in two ways:
- The long way.
- The short way
The long way:
Let us first discuss the long way, because it will help you to understand the whole process of where the newly given root CA certificate is being added on your Windows machine. This is important because you are compromising your machine and you need to be able to remove the certificate installed when you don’t need it.
We need to use Microsoft Management Console to do this.
Point to Start, and then click Run. In the Run dialog box, in the Open box, type MMC, and then click OK. You should see the following window.
On the File menu, click Add/Remove Snap-in. Under Available snap-ins, click Certificates, and then click Add. This looks as shown in the figure below.
Under This snap-in will always manage certificates for, click Computer account, and then click Next.
Click Local computer, and click Finish.
Next, click OK in the window shown below.
In the console tree, you should be bale to see a new item named Certificates as shown in the figure below.
Expand it, and select Trusted Root Certificate Authorities. Right-click on Certificates and navigate through All Tasks | Import as shown in the figure below.
Now, you will be taken through the Certificate Import Wizard.
Click Next in the previous window and choose the PortSwigger CA certificate we downloaded earlier.
Choose the radio button that allows you to place the certificate in the Trusted Root Certification Authorities as shown in the figure below.
Finally, click Finish.
If everything is correctly done, you should see the message import was successful, and PortSwigger certificate can be found inside Certificates if you expand it in the Console tree.
If you want to remove the certificate, you can navigate to the same location and right click on the PortSwigger CA certificate and delete. This looks as shown in the following figure.
The short way:
The second way is to double click the PortSwigger CA certificate we downloaded and following the steps shown below. When you double click the PortSwigger CA certificate, it will show us an option to install it. This looks as shown in the figure below.
Click Install Certificate, and you will see the following figure.
In the above screen, choose Local Machine and click Next. Next, choose Place all certificates in the following store and browse Trusted Root Certification Authorities as shown in the figure below.
Click Next, and you should see the following screen.
Click Finish and the certificate import should be a success.
In both the cases, the certificate will be added to your Computer’s trust store.
Now, your system will trust the certificate presented by Burp. Let us launch the app once again and click Send HTTPS request button.
You should be able to see the response headers as shown in the figure below.
By default, the certificate presented by the Burp Proxy is not trusted by your computer since your machine doesn’t contain the root CA certificate in its trust store. For the machine to accept the SSL connections with Burp without throwing SSL errors, we need to add burp’s root CA certificate. So, we have added Burp root CA certificate to the computer’s trust store. The machine is now aware of the certificate presented by Burp, and it should accept the connections without throwing any errors.
In this article, we have discussed how to intercept HTTP/HTTPS traffic of UWP apps on Windows Desktop.