Burp Suite


A Java-based, advanced proxy / intercept / wiretapping tool for watching and debugging your REST API traffic.

It's less user-friendly than Charles, but it runs on FreeBSD...

It is also recommended by tptacek.

Options are stored in .java/.userPrefs/burp/prefs.xml

Installing a CA

We force Chrome to visit a site where a CA error will trigger a user warning. In practice this means almost any HTTPS site. The browser shows a warning, and we click through to the details of the certificate (it is the one sent by Burp, and not the one Burp received from https://google).

Then export the certificate, visit the “update cert” page in the browser, and import the file we just saved.
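
A check to run on the exported file before importing it, as an added example that is not part of the original notes: it tells a self-issued CA certificate from a per-site leaf, which cannot vouch for other sites even if it is imported as an authority. It assumes the openssl CLI and a PEM export; the function names and the generated sample certificates are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original notes). Function names are hypothetical.
# Assumes the openssl CLI is installed and the exported certificate is PEM.

# Subject, issuer, validity and SHA-256 fingerprint of the file about to be trusted.
cert_summary() {
    openssl x509 -in "$1" -noout -subject -issuer -dates -fingerprint -sha256
}

# A root CA names itself as issuer: subject hash equals issuer hash.
is_self_issued() {
    [ "$(openssl x509 -in "$1" -noout -subject_hash)" = \
      "$(openssl x509 -in "$1" -noout -issuer_hash)" ]
}

# The basicConstraints extension must mark the certificate as a CA.
is_ca() {
    openssl x509 -in "$1" -noout -text | grep -q 'CA:TRUE'
}

# Prints "root-ca" only for a self-issued CA certificate.
classify() {
    if is_self_issued "$1" && is_ca "$1"; then echo root-ca; else echo not-a-root-ca; fi
}

# Constructed sample data: a throwaway CA and a leaf it signs (valid for 1 day).
make_samples() {
    printf '%s\n' '[req]' 'distinguished_name=dn' 'x509_extensions=v3' 'prompt=no' \
        '[dn]' 'CN=Constructed Proxy CA' '[v3]' 'basicConstraints=critical,CA:TRUE' \
        > "$1/req.cnf"
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$1/req.cnf" \
        -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null
    openssl req -new -newkey rsa:2048 -nodes -config "$1/req.cnf" \
        -subj '/CN=site.example' -keyout "$1/leaf.key" -out "$1/leaf.csr" 2>/dev/null
    openssl x509 -req -in "$1/leaf.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
        -CAcreateserial -days 1 -out "$1/leaf.pem" 2>/dev/null
}

tmp=$(mktemp -d)
make_samples "$tmp"
for c in ca.pem leaf.pem; do
    echo "$c: $(classify "$tmp/$c")"
    cert_summary "$tmp/$c"
done
```

Compare the printed SHA-256 fingerprint with the one the proxy shows for its own CA before trusting the file.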