How to Import Burp Suite’s HTTPS Certificate in Windows

November 10, 2020 by Mel Hawthorne

Burp Suite’s primary focus is to act as a web proxy for analyzing and modifying web traffic, generally as part of a penetration test. While this is easy enough for plain-text HTTP traffic, intercepting HTTPS traffic without constant certificate errors requires additional setup.

Tip: Penetration testing is the process of testing the cybersecurity of websites, devices, and infrastructure by attempting to hack them.

To intercept HTTPS traffic, Burp creates its own certificate authority on your device. You need to import that certificate to your browser’s trust store so that your browser doesn’t generate certificate errors.

Tip: Using Burp Suite as a proxy is essentially performing a MitM, or Man in the Middle, attack on yourself. You should be aware that Burp will replace all HTTPS certificates with its own. This makes it a lot harder to notice genuinely malicious MitM attacks, as you won’t see any certificate errors – be aware of this if you install and use Burp Suite!

The first step to install Burp’s certificate authority is to download it. To do so, launch Burp, then browse to the proxy listener port, which defaults to “127.0.0.1:8080”. Once on the page, click “CA Certificate” in the top-right corner to download the certificate “cacert.der”.

Tip: You’ll likely be warned that the file type is unsafe and could harm your computer; you’ll need to accept the warning.

Browse to the proxy listener and download the certificate.

 

To install the certificate in Windows, double-click on the downloaded file “cacert.der” to run it and accept the security warning. In the certificate viewer window, click “Install Certificate”.

Double click on the certificate file to run it, then click “Install certificate”.

Choose whether you want the certificate to be trusted by your user or by other users with “Current User” and “Local Machine” respectively. You will need to manually set the certificate to be placed in a specific certificate store, “Trusted Root Certification Authorities”. Once you’re done, click “Finish” to import the certificate.

Tip: For the change to take effect, you will need to restart your browsers. This should affect all browsers on your computer, even Firefox. However, you may need to add the certificate to specific browsers if they use their own trust store.

Install the certificate in the “Trusted Root Certification Authorities” store.
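The same import can be scripted, which also makes it easy to confirm where the certificate ended up and to remove it once testing is over. The following PowerShell is an added example, not part of the original article; it assumes “cacert.der” was saved to your Downloads folder and uses the “Current User” store so that only your account trusts Burp’s certificate authority.

```powershell
# Added example (not from the original article).
# Assumption: cacert.der was downloaded to the current user's Downloads folder.
$certPath = Join-Path $env:USERPROFILE 'Downloads\cacert.der'

# Load the file first so its details can be reviewed before it is trusted.
# The thumbprint identifies this specific Burp installation's CA certificate.
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $certPath
$cert | Format-List Subject, Issuer, NotBefore, NotAfter, Thumbprint

# Import into "Trusted Root Certification Authorities" for the Current User only.
# Using Cert:\LocalMachine\Root instead would make every account on the machine
# trust it, and requires an elevated PowerShell session.
Import-Certificate -FilePath $certPath -CertStoreLocation Cert:\CurrentUser\Root

# Check both root stores for this exact certificate, so you know which
# scope (user or machine) currently trusts it.
Get-ChildItem Cert:\CurrentUser\Root, Cert:\LocalMachine\Root |
    Where-Object Thumbprint -eq $cert.Thumbprint |
    Select-Object PSParentPath, Subject, NotAfter, Thumbprint

# When testing is finished, remove the certificate so that intercepted HTTPS
# connections produce certificate errors again.
Get-ChildItem Cert:\CurrentUser\Root |
    Where-Object Thumbprint -eq $cert.Thumbprint |
    Remove-Item
```

Run the removal step only after you have finished proxying through Burp; restart your browsers afterwards, as with the import.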

If you want to intercept network traffic from another device, it will have to import your specific Burp certificate, rather than one it generates itself. Each installation, excluding updates, generates a new certificate. This design makes it much harder for Burp to be abused for mass internet monitoring.

Comments

  1. The Cyber Janitor says

    November 18, 2021 at 9:08 pm

    Thanks. I wanted to capture whatever background requests this online game made and I was getting failed authentication errors in the Burp Suite Event Log. This is after I had set the Burp Suite proxy as the system-wide proxy via Internet Options and so I didn’t know I had to install the Burp cert on the system and where exactly. After doing what was described in this article I am now logging several requests to game-associated infrastructure and service domains.
    So thank you! :D)
