Burp Suite User Forum

Create new post

Error: Your connection is not secure

Steve | Last updated: Jan 17, 2019 11:46PM UTC

Hello I am getting the following error (Firefox) when attempting to visit bbc.co.uk: Your connection is not secure The owner of www.bbc.co.uk has configured their web site improperly. To protect your information from being stolen, Firefox has not connected to this web site. I also tried the Mozilla Support Web site and got the same error. I have Firefox configured as follows: and Port 8080 - proxy server for all protocols. The 'No proxy for' field is blank. In Burp Suite, with the 'Intercept is on' button depressed, I see this: GET /success.txt HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:64.0) Gecko/20100101 Firefox/64.0 Accept: */* Accept-Language: en-GB,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: close What should I be doing, please, that I am not doing? Thank you.

Liam, PortSwigger Agent | Last updated: Jan 18, 2019 08:20AM UTC

Hi Steve Thanks for your message. Have you installed the Burp CA Certificate in your browser? - https://support.portswigger.net/customer/portal/articles/1783075-installing-burp-s-ca-certificate-in-your-browser This should fix any HSTS errors.

Burp User | Last updated: Jan 19, 2019 04:00PM UTC

Hi, I have the same problem as Steve has. I have done the installation of CA Certificate as instructed. But the issue of HSTS error persists. What should I do? Thanks / Richard

Liam, PortSwigger Agent | Last updated: Jan 21, 2019 08:56AM UTC

Richard, it may be that the certificate didn't install correctly. Could you try removing the cert, downloading a clean instance and reinstalling? Additionally, which browser are you using? Have you tried using another browser?

Burp User | Last updated: Feb 28, 2019 12:18AM UTC

I am getting the same issue as the thread source. I have downloaded the CA certificate, but whenever I try to access any website while I have selected "use this proxy server for all protocols" in firefox.

PortSwigger Agent | Last updated: Mar 01, 2019 12:07PM UTC

As well as downloading the certificate you need to install it in Firefox. There are instructions here: - https://support.portswigger.net/customer/portal/articles/1783087-installing-burp-s-ca-certificate-in-firefox

Burp User | Last updated: Mar 25, 2019 08:03PM UTC

The url to download the burp CA on firefox is not working.

PortSwigger Agent | Last updated: Mar 26, 2019 10:02AM UTC

I just check and it's working for me. Is your browser configured to proxy through Burp?

Burp User | Last updated: May 26, 2019 08:52PM UTC

hello. this is new problem.. i have this problem...I know why this problem arises. firefox 60.6.3 esr with ca certificate not working.... my computer has 2 firefox versions available... firefox 60.6.3 version not working with ca certificate firefox 45 version working with ca certificate (The CA certificate works in versions smaller than 60.) you need to solve this problem immediately.

PortSwigger Agent | Last updated: May 28, 2019 09:27AM UTC

I've just checked and the Burp certificate is working correctly in newer Firefox versions. When installing the certificate you need to enable "Trust this CA to identify websites". We'll be updating our instructions to make this clearer.

Burp User | Last updated: Jun 04, 2019 08:26PM UTC

To remove this make sure you visit http://burp and download the CA cert. then do both of these steps. Step 1: Go to preferences privacy and security scroll all the way down view certs under authorities install it and install it by clicking import selecting the file and hitting ok. Step 2: In the browsers search bar type: about:config then click ok search for: security.ssl.enable_ocsp_stapling and make sure the value is set to false. That should do it. Enjoy.

Liam, PortSwigger Agent | Last updated: Jun 05, 2019 10:44AM UTC

Jacob, have you tried using another browser? In Firefox, could you send us a screenshot of the cert installed in the Cert Authorities tab? (support@portswigger.net)

Burp User | Last updated: Jul 16, 2019 02:29AM UTC

I am also having issues with this. I have downloaded a cert from http://burp numerous times and re-imported into Firefox with no luck. I also tried exporting a cert from Burpsuite a few times from the Proxy > Options. No luck. Finally, I tried turning the security.ssl.enable_ocsp_stapling configuration to FALSE and I still get the Secure Connection Error. What more can I try?

Burp User | Last updated: Aug 31, 2019 06:58AM UTC

Yes, I was also facing the same issue. I think the issue is with the latest version of chrome (Version 76.0.3809.132 (Official Build) (64-bit)) and firefox(68.x) . When I used older version i.e 58.x it worked.

Burp User | Last updated: Sep 01, 2019 12:18AM UTC

Using FF 68.0.2-1.fc30 on Fedora 30 had this same problem after downloading and installing the cert. Issue was resolved by following this instruction: When installing the certificate you need to enable “Trust this CA to identify websites”. We’ll be updating our instructions to make this clearer. Thank you.

Hannah, PortSwigger Agent | Last updated: Sep 02, 2019 01:40PM UTC

Have you tried using Firefox's built-in proxy rather than Foxy Proxy (about:preferences > General > Network settings > Settings > Manual proxy configuration)?

Burp User | Last updated: Sep 10, 2019 02:51PM UTC

If you are using Windows go to the %AppData% and remove firefox all data then start firefox and add PortSwigger cert again! Hope this help!

Burp User | Last updated: Sep 10, 2019 03:35PM UTC

I finally found out what went wrong! If you block (don't intercept) the requests that firefox sending to its servers (detectportal and ...), firefox enable the MITM detection!

Burp User | Last updated: Sep 10, 2019 03:49PM UTC

I was wrong about 'don't intercept'!

Burp User | Last updated: Oct 10, 2019 06:45PM UTC

you need to install certificate through the settings and checkmark the trust this CA just follow exact inst....below - https://support.portswigger.net/customer/portal/articles/1783087-installing-burp-s-ca-certificate-in-firefox

Burp User | Last updated: Dec 28, 2019 06:28AM UTC

hello i configured burp using foxy proxy i set the values to false but still i get the mitm error /////// www.google.com is most likely a safe site, but a secure connection could not be established. This issue is caused by PortSwigger CA, which is either software on your computer or your network. What can you do about it? www.google.com has a security policy called HTTP Strict Transport Security (HSTS), which means that Firefox can only connect to it securely. You can’t add an exception to visit this site. If your antivirus software includes a feature that scans encrypted connections (often called “web scanning” or “https scanning”), you can disable that feature. If that doesn’t work, you can remove and reinstall the antivirus software. If you are on a corporate network, you can contact your IT department. If you are not familiar with PortSwigger CA, then this could be an attack, and there is nothing you can do to access the site. Learn more…

Burp User | Last updated: Jan 22, 2020 07:10AM UTC

Even I had same problem When tried all of the above solutions and still you get connection is not secure Prefix https:// or http:// to the url you are trying, then refresh the page.

M3dH4ck | Last updated: Apr 15, 2021 06:21PM UTC

i can't solve this issue, from yesterday i got stuck. please anyone who has resolve it share with us how you did it, our just how i can install old version of Firefox, i'm using Kali Linux "Linux kali 5.7.0-kali1-amd6" Thanks

Michelle, PortSwigger Agent | Last updated: Apr 16, 2021 07:41AM UTC

Thanks for your message. Which version of Burp are you using? Can you send us some screenshots showing how you imported the CA certificate into Firefox to support@portswigger.net, please?

M3dH4ck | Last updated: Apr 16, 2021 03:44PM UTC

Thank you for the reply, i have sent you details in the email.

Fehmi | Last updated: Dec 25, 2021 07:52PM UTC

Hi, I'm getting similar responses - "Your connection to this site is not secure" - from the Burp Chromium browser during training for the Burp Professional. Please help. I emailed support@portswigger.net already with the screenshots. Thanks.

Michelle, PortSwigger Agent | Last updated: Jan 04, 2022 10:26AM UTC

Shiva | Last updated: Jan 11, 2023 04:30PM UTC

I tried all the methods that you have replied to other but it is showing bad certificate

Michelle, PortSwigger Agent | Last updated: Jan 12, 2023 08:23AM UTC

Thanks for getting in touch. Can you please tell us a bit more about your setup? - Which version of Burp are you using? - Does this message show when you connect to all sites or specific ones? Are you able to connect to our test site https://ginandjuice.shop? - If you use Burp's embedded browser, do you see the same error?

Dincer | Last updated: Mar 16, 2023 04:30PM UTC

I got the same issue but i figured it out... I recommend that when we press "Regenerate CA Certificate" button, the "Import/export CA certificate" button should be disabled automatically until the next restart. By this approach, the user is forced to restart burp, and than export the certificate. If the user insists to export the certificate, than there should be small warn shown someting like "Burp is waiting for a restart to regenerate the certificate. Please restart it and than export the valid certificate". I think that it's a UX issue...

Michelle, PortSwigger Agent | Last updated: Mar 17, 2023 01:47PM UTC

Thanks for the feedback. We'll discuss it with the team.

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.