Burp Suite User Forum


HTTPS/HSTS errors after certificate import

RaduN | Last updated: Aug 11, 2020 01:46PM UTC

Hello,

I am currently trying to use Burp Suite Pro v2020.08 to intercept traffic for a website which is using HSTS (google.com). I've installed the Burp CA certificate in the Firefox browser, however navigating to google.com results in the following error: `Error code: MOZILLA_PKIX_ERROR_SELF_SIGNED_CERT`. The Firefox version is 79.0.

I've tried installing the certificate in Google Chrome as well but without any luck. When navigating to google.com the browser shows this error: `NET::ERR_CERT_AUTHORITY_INVALID`. The Chrome version is `Version 84.0.4147.125 (Official Build)`.

I've tried using the Chromium browser integrated inside Burp Suite Pro and navigating to google.com works, however a warning is shown in the address bar with a red exclamation mark `Not Secure`. Clicking on it says `Your connection is not secure. [...] Certificate (Invalid)`. When trying to log in to a Google account an error is shown by Google (not by the browser): `This browser or app may not be secure.`

The system I am currently using is Xubuntu 20.04. How can I configure the certificate to properly work on Firefox/Chrome/integrated browser?

Ben, PortSwigger Agent | Last updated: Aug 12, 2020 07:09AM UTC

Hi,

Are you able to provide us with step-by-step details of how you have installed the Burp CA certificate in your browsers?

It might be useful to remove the Burp CA certificates that you have already installed in your browsers (make sure that they are completely removed) and then regenerate the certificate by navigating to Proxy -> Options -> Proxy Listeners within Burp and clicking the Regenerate CA certificate button.

If you could then follow the instructions on how to install the Burp CA certificate in your browser from the following link: https://portswigger.net/support/installing-burp-suites-ca-certificate-in-your-browser

RaduN | Last updated: Aug 18, 2020 03:01PM UTC

I've followed the instructions from the link and the same issue happened. I've regenerated the certificate, removed the old certificate and added the new one, but the same issue happened.

Firefox and Chrome aside, why does the integrated browser not work? This is the error shown by the browser integrated in Burp Suite Pro: https://imgur.com/a/gw3U1Zk

Ben, PortSwigger Agent | Last updated: Aug 20, 2020 07:52AM UTC

Hi,

I just tested this on an Xubuntu virtual machine and was able to get this working following the instructions that we provide. Can you confirm that you have imported the certificate under Authorities and set the Certificate Authority Trust Settings to trust the certificate for identifying websites?

It might be useful to see some screenshots of your browser certificate setup so please send us some screenshots in an email to support@portswigger.net.

Regarding the embedded browser - the Burp CA certificate still needs to be trusted in order for the connection to be secure. You can do this by adding the certificate to the embedded browser, as normal, by following the instructions for doing so with Chrome or you can add it to the Linux certificate store manually. In Xubuntu, Firefox and Chrome would be using the NSS root store to determine which certificates are trusted.
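
The trust check described in the reply above, as an added example that is not part of the thread and not PortSwigger's code: the function reads a `certutil -L` listing for an NSS database and reports whether a CA entry carries the `C` flag in its SSL field, NSS's marker for a CA trusted to issue server certificates. The nickname `PortSwigger CA`, the database paths, and the sample listing are assumptions; `certutil` comes from the `libnss3-tools` package on Ubuntu.

```shell
#!/bin/sh
# Added example: is a CA in an NSS database trusted for identifying websites?
# Assumption: nickname the Burp CA was imported under; adjust to your import.
NICK="${NICK:-PortSwigger CA}"

# Reads a `certutil -L` listing on stdin and prints one of:
#   trusted   - entry exists and its SSL trust field contains "C"
#   untrusted - entry exists but is not a trusted CA for server certificates
#   missing   - no entry with that nickname
nss_ssl_trust() {
    awk -v nick="$1" '
        NF >= 2 {
            flags = $NF                            # e.g. "C,," or "CT,C,C"
            name = $0
            sub(/[ \t]+[^ \t]+[ \t]*$/, "", name)  # drop the trust column
            sub(/^[ \t]+/, "", name)               # drop leading indentation
            if (name == nick) {
                found = 1
                split(flags, f, ",")               # f[1] is the SSL field
                if (f[1] ~ /C/) ok = 1
            }
        }
        END { print (found ? (ok ? "trusted" : "untrusted") : "missing") }
    '
}

# Constructed sample listing (not taken from the thread): one CA imported
# with website trust, one imported with no trust flags set.
SAMPLE='Certificate Nickname                         Trust Attributes
                                             SSL,S/MIME,JAR/XPI

PortSwigger CA                               C,,
Old Burp Import                              ,,'

printf '%s\n' "$SAMPLE" | nss_ssl_trust "PortSwigger CA"   # trusted
printf '%s\n' "$SAMPLE" | nss_ssl_trust "Old Burp Import"  # untrusted

# Live check, only if certutil is installed. Assumed locations: the shared
# NSS database used by Chrome/Chromium and per-profile Firefox databases.
if command -v certutil >/dev/null 2>&1; then
    for db in "$HOME/.pki/nssdb" "$HOME"/.mozilla/firefox/*/; do
        [ -f "${db%/}/cert9.db" ] || continue
        printf '%s: ' "${db%/}"
        certutil -L -d "sql:${db%/}" 2>/dev/null | nss_ssl_trust "$NICK"
    done
fi
```

An `untrusted` result means the certificate was imported but without trust for server certificates, which a browser reports as an invalid authority.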

Rohit | Last updated: Oct 24, 2023 08:48AM UTC

This worked for me: Opening about:config in Firefox and disabling the "network.stricttransportsecurity.preloadlist" flag.
