Thick Client Proxying

1. Interception

1.1 Intercepting Responses

1.2 Intercepting Request/Responses Rules

1.3 Match and Replace

Proxy > Options > Match and Replace

With it, you can get replacement functionality similar to Charles Proxy.

For example, replacing the User-Agent.

1.4 SSL Pass Through

Proxy > Options > SSL Pass Through

Burp will not MitM anything added to this section and will just act like a non-terminating TLS proxy.

The need for this comes up frequently with thick clients that use a mix of HTTP and non-HTTP protocols to talk to different endpoints. Without pass-through, Burp will MitM the non-HTTP connections and may silently drop or modify packets. This will cause the application to malfunction.

This feature can also be used as a port changer.

TO-DO

1.5 Response Modification Options

Convert HTTPS links to HTTP & Remove secure flag from cookies

1.6 Disable Intercept at startup and Miscellaneous

Proxy > Options > Scroll all the way to the bottom > Under Miscellaneous > Enable interception at startup > Always disable

2. Proxy Listeners

This is the feature we use the most.

Proxy > Options > Proxy Listeners

2.1 Request Handling

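Suppose we have a thick client that makes requests to www.google.com:8000. We can use the hosts file to point www.google.com to 127.0.0.1, then add a proxy listener, as shown in the figure below.

The Force use of SSL option shown in the figure is for when you strip TLS between Burp and the application, and then add TLS back between Burp and the server.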

Example - Piping SSL/TLS Traffic from SoapUI to Burp

However, if the thick client makes requests to the same domain but on different ports, we need to use Options > Connections > Hostname Resolution.

TO-DO
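
A pre-flight check for the setup described in 2.1, as an added example that is not part of the original notes: it parses hosts-file text and, for each endpoint the thick client contacts, reports whether the hostname is redirected to loopback (so a proxy listener has to bind that port) and which hosts are contacted on more than one port, the case the notes send to Hostname Resolution. The function names and the sample hosts content are constructed for illustration.

```python
import ipaddress

# Constructed sample hosts file for the scenario in 2.1 (not from the original notes).
SAMPLE_HOSTS = """\
# constructed example
127.0.0.1   localhost
127.0.0.1   www.google.com   # redirect the thick client to Burp
::1         localhost
"""

def parse_hosts(text):
    """Map each hostname in hosts-file text to the first address listed for it."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # skip malformed entries
        for name in fields[1:]:
            table.setdefault(name.lower(), addr)  # first entry wins
    return table

def plan_listeners(hosts_text, endpoints):
    """Return (plan, multi_port_hosts) for the (host, port) pairs the client uses.

    plan: one dict per endpoint with the port a listener must bind and whether
          the hosts file actually sends that hostname to loopback.
    multi_port_hosts: redirected hosts reached on more than one port.
    """
    table = parse_hosts(hosts_text)
    plan, ports_by_host = [], {}
    for host, port in endpoints:
        addr = table.get(host.lower())
        redirected = addr is not None and addr.is_loopback
        plan.append({"host": host, "bind_port": port, "redirected": redirected})
        if redirected:
            ports_by_host.setdefault(host.lower(), set()).add(port)
    multi_port = sorted(h for h, ports in ports_by_host.items() if len(ports) > 1)
    return plan, multi_port

if __name__ == "__main__":
    endpoints = [("www.google.com", 8000), ("www.google.com", 8001)]
    plan, multi = plan_listeners(SAMPLE_HOSTS, endpoints)
    for entry in plan:
        print(entry)
    print("same host, several ports:", multi)
```

An endpoint reported with `redirected: False` will bypass Burp entirely, which is the usual reason no traffic shows up after adding the listener.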