3

I have a client application installed on my Windows computer and I want to perform a MITM on this application to inspect the traffic. I understand that Burp can do the MITM for web applications, but can it do the same for a client application?

If yes, how do I set up Burp to intercept with client apps? Thanks!

mhr
Law

3 Answers

2

Short answer:

It depends on how your client application communicates to the backend server.

Long answer

The answer to this question depends on how the application communicates.

  1. If it is using HTTP for communication and if it relies on the system proxy settings, yes you can: by setting the system proxy to the Burp proxy listener.
  2. If it is using HTTP for communication and if it does not rely on the system proxy: yes, if there is a way to configure the executable to use a proxy from a configuration file or by reverse engineering.
  3. If it is using HTTP for communication and if it relies on the system proxy settings, yes you can: by setting the system proxy to the Burp proxy listener.
  4. If it is using HTTPS and if it relies on the system trust store and proxy, you can: by setting the system proxy to the Burp proxy listener and adding the Burp certificate to your system trust store.
  5. If it is using HTTPS and is using a custom trust store, you can: if the custom trust store can be manipulated by reverse engineering the executable or a configuration file.
  6. If it is using some other binary protocol, https://github.com/summitt/Burp-Non-HTTP-Extension could be an option. It doesn't always work, though.
hax
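To tell which of the cases in the list above applies, you can look at the first bytes the application sends on a connection, for example in a packet capture taken while the system proxy is set. The following is an added example, not part of the original answer; the hosts and payloads are constructed, and the function name and result labels are this example's own.

```python
import re

# Request line of an HTTP/1.x request: METHOD SP target SP version.
REQUEST_LINE = re.compile(
    rb"^(GET|POST|PUT|DELETE|HEAD|OPTIONS|PATCH|TRACE|CONNECT) (\S+) HTTP/1\.[01]\r?\n"
)

# What each result means for interception (wording is this example's own).
ADVICE = {
    "http-via-proxy": "HTTP, proxy honoured: the proxy listener sees full requests",
    "https-via-proxy": "HTTPS, proxy honoured: the proxy CA must be in the app's trust store",
    "http-direct": "HTTP, proxy ignored: the app needs its own proxy configuration",
    "tls-direct": "TLS sent straight to the server: proxy ignored, payload encrypted",
    "non-http": "not HTTP: needs a non-HTTP proxy extension or a packet capture",
}


def classify_first_bytes(data: bytes) -> str:
    """Classify the opening bytes of one outbound client connection."""
    # TLS record header: content type 0x16 (handshake), major version 0x03.
    if len(data) >= 3 and data[0] == 0x16 and data[1] == 0x03:
        return "tls-direct"
    match = REQUEST_LINE.match(data)
    if not match:
        return "non-http"
    method, target = match.group(1), match.group(2)
    if method == b"CONNECT":
        return "https-via-proxy"      # client asks the proxy for a tunnel
    if target.lower().startswith((b"http://", b"https://")):
        return "http-via-proxy"       # absolute-form target is sent to proxies
    return "http-direct"              # origin-form target is sent to servers


# Constructed sample payloads (hypothetical hosts), not captured from a real app.
SAMPLES = {
    "updater": b"GET http://updates.example.test/v1/check HTTP/1.1\r\nHost: updates.example.test\r\n\r\n",
    "api": b"CONNECT api.example.test:443 HTTP/1.1\r\nHost: api.example.test:443\r\n\r\n",
    "legacy": b"POST /v1/login HTTP/1.1\r\nHost: legacy.example.test\r\n\r\n",
    "direct_tls": b"\x16\x03\x01\x02\x00\x01\x00\x01\xfc\x03\x03",
    "custom": b"\x00\x00\x00\x2a\x01LOGIN\x00user",
}


def triage(samples: dict) -> dict:
    return {name: classify_first_bytes(raw) for name, raw in samples.items()}


if __name__ == "__main__":
    for name, kind in triage(SAMPLES).items():
        print(f"{name:10} {kind:16} {ADVICE[kind]}")
```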
1

Can it do the same for a client application?

As always, this depends. If the client application uses HTTP(S) to communicate to the server, then Burp can be used.

If the client does not communicate using HTTP(S), Burp is not your application. However, you could use common tools to sniff the network such as tcpdump or Wireshark to intercept the traffic.

Note: In case the client application uses encryption to communicate to the server, you will only see encrypted data.

Jeroen
  • 2
    Actually, there are some Burp plugins that allow intercepting non-HTTP(S) traffic, e.g. NoPE Proxy – D.O. Oct 02 '19 at 13:50
  • 1
    @D.O. That's great! I was unaware of this plugin. I will go and test it out! Thanks a lot! – Jeroen Oct 02 '19 at 14:14
0

Can Burp be set up to intercept traffic from client application?

Yes, if the application uses the supported protocol.

If yes, how do I set up Burp to intercept with client apps?

You need to follow these steps:

  1. Configure Burp Suite's Proxy to listen to a specific port.
  2. Configure the client app's network interface to forward all the traffic to Burp Suite's proxy server at the given port.
  3. If the client app uses HTTPS, then you need to download/export (or import key and certificate if you want to use your own) the certificate from the Option tab under the Proxy tab. After that, import the certificate into the client's certificate storage.

That's it. You can now intercept and see the supported network traffic.

Alternative solution

You can use Bettercap or Xerosploit to perform a MITM attack without configuring a proxy in the client's network interface, as these tools utilize ARP spoofing. Good routers could prevent ARP spoofing, though.

Roaim