Burp Suite¶
A java based, advanced proxy / intercept / wiretapping tool for watching your REST API talk and debug.
Its less user-friendly than charles, but it runs on FreeBSD...
It is also recommended by tpatcek
Options are stored in .java/.userPrefs/burp/prefs.xml
Installing a CA¶
We force Chrome to visit a site where a CA error will throw a User Warning. Basically this means almost any https site. The browser shows a warning- we click through to details of the certificate (it is the one sent by burp, and not the one recieved by burp from https://google
Then export the certificate, and now visit the “update cert” in the browser and import what we just saved.