Skip to content

Basic HTTPS Request Solution

Jump to bottom
Tim edited this page Aug 5, 2017 · 3 revisions
  1. Follow the challenge set up guide.
  2. Open Burp Suite in the OWASP VM with burp
    1. Set the Proxy -> Options -> Proxy Options -> Edit -> Specific address to 10.13.13.102.
    2. Enable Proxy -> Options -> Proxy Options -> Edit -> Request handling -> Support invisible proxying.
    3. Troubleshooting: Enable Proxy -> Options -> Proxy Options -> Edit -> Miscellaneous -> Allow request to web interface using full qualified DNS hostnames.
  3. Import the Burp CA into the Android VM:
    1. Download the Burp CA via http://burp via a web browser (this might need proxy settings for the browser)
    2. Move the CA to the Android VM adb push Downloads/cacert.der /sdcard/Download/burpCA.crt
    3. Now open the Android Settings -> Security -> Install from SD-Cardand install the CA from /sdcard/Download/
  4. In the Android VM navigate to Basic HTTPS Request and submit the request via the button.
  5. Burp and the application should now show you the string:
    1. HAHAHAHAHAH! No one will steal my secret messages! They are soooo "Military Grade" encrypted! And buzzwords can't fail.

Please open an issue in the case you found a mistake in the wiki.

Challenges

Solutions

Clone this wiki locally