Why would you want to do that? Well, suppose you have a thick client connecting to some SSL service. It may use a client cert stored in the Windows registry. You must export it properly to be able to perform a man-in-the-middle on that connection.
1. Export the corresponding registry key for the needed cert from:
   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\<YourApp>\Certificates
   Keep only the hex data from the file (i.e. remove commas, backslashes and extra junk), copy this data into a hex editor, and save the file as clear.cer.
2. Under Windows, run the commands:
   certutil -encode clear.cer b64.cer
   certutil -dump b64.cer
3. Run the "certmgr.msc" MMC and, under Personal, choose "All Tasks > Import...". Place it under the "Personal" certificate store.
4. Choose the previously created file and import it. It should now be added to the store. Right-click it to export it, choose PKCS#12, and choose to export the private key plus all certs in the path.
5. Use this .pfx in Burp as the Client Certificate. Enjoy.
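The manual hex cleanup in step 1 can be scripted instead of done in a hex editor. The following is an added example, not part of the original post; it assumes the exported .reg file holds the certificate in a binary value named "Blob", and the sample export and its key name are constructed.

```python
import re
import sys

# A REG_BINARY value looks like: "Name"=hex:aa,bb,\<newline>  cc,dd
# A newline is only accepted right after a backslash (line continuation).
HEX_VALUE = re.compile(
    r'^"(?P<name>[^"]+)"=hex:(?P<data>(?:[0-9a-fA-F, \t]|\\\r?\n)*)', re.M)

def decode_reg_text(raw: bytes) -> str:
    """regedit 5.00 exports are UTF-16 with a BOM; REGEDIT4 exports are ANSI."""
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return raw.decode("utf-16")
    return raw.decode("latin-1")

def extract_hex_values(reg_text: str) -> dict:
    """Return {value name: bytes} for every hex: value in the export."""
    values = {}
    for m in HEX_VALUE.finditer(reg_text):
        # Drop commas, backslashes and whitespace, keep only hex digits.
        digits = re.sub(r"[^0-9a-fA-F]", "", m.group("data"))
        values[m.group("name")] = bytes.fromhex(digits)
    return values

# Constructed sample export (placeholder subkey, shortened data).
SAMPLE = (
    'Windows Registry Editor Version 5.00\r\n\r\n'
    '[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates'
    '\\ExampleApp\\Certificates\\PLACEHOLDER-SUBKEY]\r\n'
    '"Blob"=hex:30,82,01,0a,\\\r\n'
    '  02,82,01,01,00\r\n'
)

if __name__ == "__main__" and len(sys.argv) == 3:
    # Usage: python reg2cer.py export.reg clear.cer
    with open(sys.argv[1], "rb") as f:
        blobs = extract_hex_values(decode_reg_text(f.read()))
    with open(sys.argv[2], "wb") as out:
        out.write(blobs["Blob"])  # assumed value name
```

The resulting clear.cer is then used in step 2 as before.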