I have installed a new client certificate on my Windows machine
I cannot export the private key for this certificate (the export flag is false)
I am a Linux user that needs to have the cert and private key to import it on BurpSuite to perform tests ...
Install the certificate through the VM as needed
In Internet Explorer, click the settings icon (looks like a gear) and choose "Internet Options"
Click the "Content" tab
Click the certificate you installed (likely on the Personal tab) and click the "Export..." button
Click "Next" through the next few prompts in the Certificate Export Wizard
On the "File to Export" screen, click "Browse" and find a location (like your Desktop) to save the file to and give it a name
Click "Next" and "Finish"
Bring the certificate back over to Linux
Download mimikatz - a tool that will extract the private key from installed certificates
Extract the mimikatz files to a directory (you only need the Win32 folder)
Run cmd.exe as an Administrator (you may need to navigate to C:\Windows\System32\ and right-click the cmd.exe file)
Run mimikatz.exe from the command prompt
Run the following commands:
If you need to extract the certificates:
You should have a .pvk (private key) file in the same directory as mimikatz.exe now—probably just the one you installed. If you see multiple private keys, you'll have to determine which one is the one you installed.
You can use some other tools to work with the certificate stores. The certutil tool has some uses; for example, you can view all the personal certificates for the current user with:
certutil -user -viewstore My
certutil -store -user
If you simply want to dump all the information in the console, you can use:
certutil -user -store My
To do the same for the computer account, simply drop the '-user' parameter:
certutil -store My or certutil -viewstore My
For the PowerShell lovers, the Cert: drive can provide most of the needed information. Here are some uses:
PS C:\> cd Cert:; dir
To list all the certificates in the 'Personal' store for the current user, use:
PS Cert:\> dir Cert:\CurrentUser\My
To get all the details for a particular certificate, you can use the thumbprint:
PS Cert:\> dir Cert:\CurrentUser\My\106796B4130A9AE14BF38C7CE553353204613796 | fl *
You can convert the Windows proprietary ".pvk" file to a useful ".pem" file by using the following command:
openssl rsa -inform pvk -in YOUR_PRIVATE_KEY.pvk -outform pem -out YOUR_NEW_PRIVATE_KEY.pem
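If mimikatz wrote several private keys, convert each one as above and compare its public half with the public key in the certificate you exported. The script below is an added example, not part of the original walkthrough; the file names and the demo_constructed helper are assumptions, and the sample keys are throwaway material generated locally.

```shell
#!/bin/sh
# Added example (not from the original page): pick the private key that
# belongs to the exported certificate by comparing public keys.

# Print the certificate's public key as PEM. The Certificate Export Wizard
# writes DER by default, so try DER first and fall back to PEM.
cert_pubkey() {
    openssl x509 -inform der -in "$1" -noout -pubkey 2>/dev/null ||
        openssl x509 -inform pem -in "$1" -noout -pubkey 2>/dev/null
}

# Print the public half of a PEM private key (output of the conversion step).
key_pubkey() {
    openssl pkey -in "$1" -pubout 2>/dev/null
}

# find_matching_key CERT KEY... prints the first KEY whose public half equals
# the certificate's. Returns 0 on a match, 1 on no match, 2 on unreadable cert.
find_matching_key() {
    cert=$1
    shift
    want=$(cert_pubkey "$cert") || return 2
    [ -n "$want" ] || return 2
    for key in "$@"; do
        if [ "$(key_pubkey "$key")" = "$want" ]; then
            printf '%s\n' "$key"
            return 0
        fi
    done
    return 1
}

# Constructed sample: throwaway keys and a self-signed certificate generated
# locally, so the check can be tried without any real key material.
demo_constructed() {
    d=$(mktemp -d) || return 2
    openssl genrsa -out "$d/other.pem" 2048 2>/dev/null
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=constructed" \
        -keyout "$d/installed.pem" -out "$d/cert.pem" 2>/dev/null
    openssl x509 -in "$d/cert.pem" -outform der -out "$d/cert.cer"
    (cd "$d" && find_matching_key cert.cer other.pem installed.pem)
    rc=$?
    rm -rf "$d"
    return $rc
}
```

Source the script and run find_matching_key with your exported certificate followed by every converted .pem key; the name it prints is the key to keep.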
In BurpSuite, under "User Options / TLS", import the PFX certificate obtained directly from mimikatz, and everything will work fine.
The PFX password is "mimikatz" by default 🤓
From here, you can intercept all the traffic between your browser and the server and use enumeration tools from Linux such as gobuster, dirsearch, and so on. You need to use BurpSuite as a proxy every time, or your requests will not be valid (bad SSL handshake).
python3 dirsearch.py -e php,html,js -u https://target --proxy 127.0.0.1:8080
Mimikatz walkthrough: https://gist.github.com/derrickorama/7b08298b657048660293