Install burp suite mac1/16/2024 ![]() With this knowledge, I was able to automate certain things that were not possible through their vanilla CLI or the published API docs. In the past, I have even proxied the CLI tools provided by a commercial security tool we used and learned about some undocumented APIs and behaviors that were not in their documentation. ![]() I have used these techniques to inspect popular CLI tools like the Azure CLI ( az) and Zeit’s now utility. If a CLI tool is not working as expected and the error messages are unhelpful, the problem can become obvious as soon as you look at the actual HTTP requests and responses it’s making/receiving. A lot of CLI tools for popular services are just making HTTP requests, and being able to inspect and/or modify this traffic is really valuable. However, I often want/need to inspect traffic that comes from other tools besides browsers - most notably command line tools. The general use case for a tool like Burp or mitmproxy is to configure a browser to communicate through it, and there are plenty of write-ups and tutorials on how to configure Firefox, Chrome, etc to talk to Burp Suite and to trust the Burp self-signed Certificate Authority. It can be extremely helpful to look “under the hood” at actual HTTP requests being made to make sense of complex APIs or to test that one of my scripts or tools is working correctly. I actually find myself using Burp more for debugging and learning than for actual pentesting nowadays. ![]() Intercepting HTTP proxies such as Burp Suite or mitmproxy are extremely helpful tools - not just for pentesting and security research but also for development, testing and exploring APIs. Trusting the Proxy Certificate at the OS Level.
0 Comments
Leave a Reply.AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |