Capturing Plaintext with Burp Suite Using a Double‑Layer MITM

The article demonstrates a double‑layer MITM setup (mitmproxy → Burp Suite → mitmproxy) to decrypt SM2‑encrypted web request and response traffic, provides step‑by‑step commands, common pitfalls, and a GitHub skill that automates the process.

Black & White Path

Problem

The target web application encrypts both request and response payloads with SM2. The public key encrypts data on the client side, while a different private key decrypts data on the server side, making it impossible to obtain plaintext directly.

Principle

Double‑layer MITM intercepts traffic, decrypts it for Burp Suite, then re‑encrypts it before forwarding.

Request: browser → mitmproxy (decrypt) → Burp Suite (plaintext) → mitmproxy (encrypt) → server
Response: server → mitmproxy (decrypt) → Burp Suite (plaintext) → mitmproxy (encrypt) → browser

Analysis of encryption

Use MCP Chrome‑devtools or download the JavaScript files locally so a large language model can analyse the SM2 encryption/decryption logic. Save the captured request/response packets to a markdown file and note the file paths of the public and private keys.

[Figure: analysis diagram]

MITM Setup

Install mitmproxy:

pip install mitmproxy

Run mitmproxy in client mode (upstream proxy points to Burp Suite):

set MITM_MODE=client
mitmdump -s mitmproxy_addon.py --mode upstream:http://127.0.0.1:8080 -p 8888

Configure Burp Suite to use the upstream proxy (port 8888).

[Figure: Burp proxy configuration]

Run mitmproxy in server mode to forward traffic back to the browser:

set MITM_MODE=server
mitmdump -s mitmproxy_addon.py -p 8889
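
Both commands load mitmproxy_addon.py, which the page does not show. The sketch below is an added example, not the skill's own script: it shows how one addon can switch on MITM_MODE so that each layer decrypts towards Burp Suite and re-encrypts away from it, while leaving bodies that were never encrypted alone. The placeholder codec, the x-mitm-decrypted header and the function names are assumptions.

```python
import base64
import os

MODE = os.environ.get("MITM_MODE", "client")  # "client" or "server", as set above
MARK = "x-mitm-decrypted"  # hypothetical header: body was decrypted for Burp

# Constructed placeholder codec so the sketch runs offline. Assumption: swap in
# real SM2 calls and the keys identified during the JavaScript analysis.
def sm2_encrypt(plain: bytes) -> bytes:
    return b"SM2:" + base64.b64encode(plain)

def sm2_decrypt(cipher: bytes) -> bytes:
    if not cipher.startswith(b"SM2:"):
        raise ValueError("not an encrypted body")
    return base64.b64decode(cipher[4:], validate=True)

# Which way each layer converts each direction of traffic.
DECRYPTS = {("client", "request"), ("server", "response")}  # towards Burp
ENCRYPTS = {("client", "response"), ("server", "request")}  # away from Burp

def apply_layer(mode, direction, message):
    """Convert one HTTP message in place; leave unencrypted bodies untouched."""
    if (mode, direction) in DECRYPTS:
        try:
            message.content = sm2_decrypt(message.content or b"")
        except ValueError:
            return  # static files, health checks, etc. pass through
        message.headers[MARK] = "1"
    elif (mode, direction) in ENCRYPTS and MARK in message.headers:
        del message.headers[MARK]
        message.content = sm2_encrypt(message.content or b"")

# mitmproxy calls these module-level hooks for every flow.
def request(flow):
    apply_layer(MODE, "request", flow.request)

def response(flow):
    apply_layer(MODE, "response", flow.response)
```

The marker header is what stops the re-encrypting layer from wrapping static files that passed through the decrypting layer unchanged.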

Common issues

If the generated Python script does not replace the public/private keys in the JavaScript files, edit the script to perform the substitution.

When execution errors occur, copy the error messages and feed them to an AI model for troubleshooting.

Skill repository

The complete procedure is packaged as a skill in the following GitHub directory:

https://github.com/boqiqibo/Sec-Skills/tree/main/analyze-encrypted-web-traffic

Republication Notice

This article has been distilled and summarized from source material, then republished for learning and reference. If you believe it infringes your rights, please contact admin@besthub.dev and we will review it promptly.
