Install and Setup Burp Suite Proxy & Certificate with Java Application

Introduction

Java application sometimes did not go through (use) the global proxy setting. This means that even we setup the proxy and import the burp suite certificate, we are still not able to intercept HTTPs traffic.

This article is going to show you how to setup your Burp Suite proxy and certificate with Java Application for intercepting HTTPs traffic.

Environment

a clean Windows 7 with IE;
a Java application;
Installed Firefox and Burp Suite Pro;
Imported Burp Suite certificate into Firefox and IE;

Preparation

1. Install Java environment

Navigate to the Java offical website to download Java application and install it.

2. Restart computer

Restart your computer

Setup Burp Suite Proxy & Certificate with Java Application

1. Import Burp Suite Certificate

1.1 Open CMD and navigate to the Java bin folder. (Please notice that the version number “jre1.8.0_261” may different)

cd C:\Program Files\Java\jre1.8.0_261\bin

1.2 Execute the following command to import Burp Suite certificate into Java keyStore by using KeyTool.

Java KeyTool is a command line tool which can generate public key / private key pairs and store them in a Java KeyStore.

1.der is the Burp Suite certificate, burp.jks is the Java KeyStore file. Please take a note of the KeyStore filename (burp.jks), we need it later.

keytool.exe -import -trustcacerts -file C:\Users\IEUser\Downloads\1.der -alias BURPSUITE -keystore burp.jks

After we execute it, KeyTool asks us to provide a password, i used: 123456. Please also take a not of the password (123456).

1.3 Execute following command to confirm if the certificate import successfully. Please provide correct KeyStore name and password.

keytool -keystore burp.jks -list

Now, we successfully imported Burp Suite certificate into Java.

2. Setup Burp Suite Proxy

Add following parameters when you execute your java application: (Please make sure that you provide correct trustStore path, KeyStore name and KeyStore password)

-Djavax.net.ssl.trustStore=C:\Program Files\Java\jre1.8.0_261\bin\burp.jks
-Djavax.net.ssl.trustStorePassword=123456

Then, you should be able to intercept HTTPs traffic with your burp.