Saturday, October 26, 2013

SoapUI - Client side cert - Burp

Many of you who've Googled around for SoapUi - Burp would have seen my earlier post on it, and also a cooler post here.

This time I also had a JKS client certificate that I needed to send to invoke a web-service method. Turns out that while Burp accepts certificates..it doesn't directly accept JKS certs - you need to convert it into PKCS12 instead.

You can easily convert a JKS cert into a PKCS12 cert using the keytool utility that comes along with JDK. Here is the exact command that you need to run to do that.


keytool -importkeystore -srckeystore -srcstorepass -destkeystore -srcstoretype JKS -deststoretype PKCS12 -deststorepass

Make sure that you use this exact command. That's coz there's plenty of other interactive variants to this..but using any of those turn up with a number of weird errors related to incorrect passwords or padding or something else while attempting to import the cert.

Once you have the PKCS12 file, navigate to Options - SSL - Client SSL certificates and add your certificate there.

Configure SoapUI to talk to Burp now as per this or this.. and you should be all set. Have fun :)

Monday, October 7, 2013

Sharif University CTF - 2013

I played the Sharif University CTF 2013 with my CTF team. Wrote up a short summary on the challenges I could complete successfully. I could complete the following:

3 Trivia
Web 100
Rev 100
Forensics 100

Write ups for all of these is available here - https://www.dropbox.com/s/lyzm0rbxn2xa50n/SharifUniv_2013.docx