
Software is Preventing Firefox From Safely Connecting to This Site

Brandon Jan 16, 2020 04:49PM UTC

Hello,

I'm having an issue getting Burp Suite Community edition on Firefox. The issue is on all https:// websites.

OS: Win 10 Pro
Browser: Firefox 72.0.1 64-bit
Burp Suite: 2.0.17 Community Edition

So I have been a long time Burp user and know exactly how to install the certificate. I have ticked "This website can identify websites" when importing the certificate.
I have verified the certificate is there and there are no duplicates. I have tried regenerating the cert and importing the new cert and restarting Firefox and still receive this error.

Error: www.google.com is most likely a safe site, but a secure connection could not be established. This issue is caused by The original certificate provided by the web server is untrusted., which is either software on your computer or your network.

What can you do about it?

www.google.com has a security policy called HTTP Strict Transport Security (HSTS), which means that Firefox can only connect to it securely. You can’t add an exception to visit this site.

If your antivirus software includes a feature that scans encrypted connections (often called “web scanning” or “https scanning”), you can disable that feature. If that doesn’t work, you can remove and reinstall the antivirus software.
If you are on a corporate network, you can contact your IT department.
If you are not familiar with The original certificate provided by the web server is untrusted., then this could be an attack, and there is nothing you can do to access the site.

Advanced: Websites prove their identity via certificates, which are issued by certificate authorities.

Firefox is backed by the non-profit Mozilla, which administers a completely open certificate authority (CA) store. The CA store helps ensure that certificate authorities are following best practices for user security.

Firefox uses the Mozilla CA store to verify that a connection is secure, rather than certificates supplied by the user’s operating system. So, if an antivirus program or a network is intercepting a connection with a security certificate issued by a CA that is not in the Mozilla CA store, the connection is considered unsafe.

Error code: MOZILLA_PKIX_ERROR_MITM_DETECTED

I have also gone into about:config and made security.ssl.enable_ocsp_stapling:false to no avail. I viewed the problematic certificate and it is the PortSwigger certificate that I have installed.

I have concluded that this is a bug and I'm unable to use Burp at this time.


Brandon Jan 16, 2020 05:27PM UTC
Update: I am also having issues with Chrome. Not sure if this is an issue with the certificate generation or what. I also tried disabling security.enterprise_roots.enabled as it seems this is where the issue is stemming from in Firefox. When I go to it in about:config, it's grayed out and shows a lock, and I'm unable to change the setting from true to false.

Hannah Law Jan 17, 2020 10:44AM UTC Support Center agent

Are you using the bundled platform installer or the plain .JAR file?

Can you tell me what version of Java you are running?

Are you seeing any errors in your Burp dashboard?


Brandon Jan 19, 2020 04:04PM UTC
I'm using the .EXE installer. I'm using Version 8 update 241 of Java.

The only error I see in the event log is:
Error : Proxy : [6] Connection Reset

I ended up somehow getting it working. I closed Firefox and reopened it, and somehow the issue is back. Something weird is definitely going on.
