Burp Suite 部分https流量抓包失败问题的解决

问题描述

The client failed to negotiate an SSL connection to alogs.umengcloud.com:443: Received fatal alert: certificate_unknown

简而言之,burp 自带的证书是 1024位,ios9之后使用的证书是 2048位的,所以用Burp 抓包iPhone 的时候会有部分请求是报上面的错误信息,从而抓包失败。
解决办法就是换成 2048 位证书。

生成证书的方法

照搬网上的方法应用即可。

Creating a Custom CA Certificate

You can use the following OpenSSL commands to create a custom CA certificate with your own details, such as CA name:

openssl req -x509 -days 730 -nodes -newkey rsa:2048 -outform der -keyout server.key -out ca.der

[OpenSSL will prompt you to enter various details for the certificate. Be sure to enter suitable values for all the prompted items.]

openssl rsa -in server.key -inform pem -out server.key.der -outform der
openssl pkcs8 -topk8 -in server.key.der -inform der -out server.key.pkcs8.der -outform der -nocrypt

Then click on the “Import / export CA certificate” button in Burp, and select “Cert and key in DER format”. Select ca.der as the certificate file, and server.key.pkcs8.der as the key file. Burp will then load the custom CA certificate and begin using it to generate per-host certificates.

参考

http://hyper-ze.blogspot.com/2017/01/burp-suite-https.html
https://nabla-c0d3.github.io/blog/2015/12/01/burp-ios9-ats/
http://www.secflag.com/archives/235.html

发表评论