1
00:00:00,390 --> 00:00:04,680
‫Let's see the best way to intercept HTTPS traffic using Burp.

2
00:00:05,710 --> 00:00:12,730
‫The safest way to intercept as traffics is to install the Port Swingers certificate on your browser

3
00:00:13,330 --> 00:00:15,910
‫ports, where is the owner of the Burp Suite tool?

4
00:00:17,280 --> 00:00:24,030
‫First, let's delete if we have any previously installed Port Swiggy certificates, if you didn't try

5
00:00:24,030 --> 00:00:27,090
‫to install a sports figure certificate before, you can ignore this step.

6
00:00:27,720 --> 00:00:28,950
‫Open Firefox.

7
00:00:30,060 --> 00:00:34,830
‫Now, from the menu button to the upper right side of Firefox, follow the path to open the certificates

8
00:00:34,830 --> 00:00:40,770
‫list preferences advanced from left certificates and click view certificates button.

9
00:00:41,310 --> 00:00:45,510
‫Look at the first if there is any puts figure certificate and delete it if there is.

10
00:00:53,880 --> 00:00:55,800
‫Now it's time to run Burp Suite.

11
00:01:04,860 --> 00:01:11,570
‫Configure the browser to use back for this purpose from the foxy proxy icon I choose location host AT&T,

12
00:01:11,940 --> 00:01:20,190
‫which is designed to listen to Port 80 of the local machine type HGTV Collins sluggish burger in the

13
00:01:20,190 --> 00:01:21,690
‫address bar of Firefox.

14
00:01:23,480 --> 00:01:29,900
‫Click see a certificate link at the upper right hand corner and save the file, it's now saved in the

15
00:01:29,900 --> 00:01:31,640
‫download folder on my computer.

16
00:01:33,140 --> 00:01:38,570
‫Now, let's import the download certificate again from the Firefox menu, follow the path to reach the

17
00:01:38,570 --> 00:01:39,500
‫certificate page.

18
00:01:41,370 --> 00:01:46,890
‫Preferences, advanced certificates and click the import button.

19
00:01:47,910 --> 00:01:50,940
‫Choose the certificate you downloaded a few seconds ago.

20
00:01:53,060 --> 00:02:01,340
‫Check trust this CAA to identify Web sites, at least, and click OK, now it's time to intercept an

21
00:02:01,520 --> 00:02:02,660
‫HTTPS traffic.

22
00:02:03,260 --> 00:02:06,350
‫I'll intercept the traffic of Google Skoda UK page.

23
00:02:12,650 --> 00:02:19,820
‫Go to the Burp Suite, as you see the Intercept is on and the request is caught by the Burp Suite to

24
00:02:19,820 --> 00:02:24,470
‫test if everything is OK, I'm going to search for a word intercept for traffic and change the word

25
00:02:24,470 --> 00:02:25,100
‫with another one.

26
00:02:25,910 --> 00:02:28,640
‫I write OWASP in search bar and hit enter.

27
00:02:29,820 --> 00:02:35,250
‫Burp caught the request, I replaced the word OWASP with CIA security.

28
00:02:38,280 --> 00:02:41,130
‫And turn the intercept off to allow the traffic flow.

29
00:02:42,030 --> 00:02:48,330
‫When I go back to Firefox, I see that the word CIA security has been searched instead of a wasp.

30
00:02:49,140 --> 00:02:50,670
‫It works like a charm.