While testing a Java based thick client, I discovered the developers had left an option to set a proxy right inside the app (handy!). That meant I could throw all the app traffic through BurpSuite, and manipulate it as I wished.
The problem I ran into was that Java didn't trust the Burp CA. To get around that, I needed to add the CA to the default Java keystore. That turned out to be simple enough, the main thing to know was where the Java keystore is stored:
and what the password is:
Once I had those, importing was painless:
$ keytool -import -trustcacerts -file ~/burp.cer -alias BURPSUITE -keystore $JAVA_HOME/jre/lib/security/cacerts Enter keystore password: changeit Owner: CN=PortSwigger CA, OU=PortSwigger CA, O=PortSwigger, L=PortSwigger, ST=PortSwigger, C=PortSwigger Issuer: CN=PortSwigger CA, OU=PortSwigger CA, O=PortSwigger, L=PortSwigger, ST=PortSwigger, C=PortSwigger Serial number: 563a4f3e Valid from: Wed Nov 04 13:32:30 EST 2015 until: Tue Oct 30 14:32:30 EDT 2035 Certificate fingerprints: MD5: AF:5E:1C:E9:D5:18:4B:EC:7D:E3:6C:C7:91:BE:11:F0 SHA1: D5:5E:D4:2B:BC:4D:D0:0F:A2:04:97:AC:B8:1E:EB:DA:95:94:60:DB SHA256: 73:F6:FF:6B:63:9C:E6:80:86:A3:63:C6:C5:08:77:F1:69:DA:71:34:4A:E5:7E:1B:33:5A:4B:F4:FD:1F:E1:6 B Signature algorithm name: SHA256withRSA Version: 3 Extensions: #1: ObjectId: 220.127.116.11 Criticality=true BasicConstraints:[ CA:true PathLen:0 ] #2: ObjectId: 18.104.22.168 Criticality=false SubjectKeyIdentifier [ KeyIdentifier [ 0000: 20 1C 1C 67 C2 21 B5 73 21 88 E2 77 6C 1D 2E 80 ..g.!.s!..wl... 0010: 97 8E B2 D7 .... ] ] Trust this certificate? [no]: yes Certificate was added to keystore