Burp Suite, the leading toolkit for web application security testing

Installing Burp's CA Certificate in an Android Device

Before you start:

On your computer with Burp running, visit http://burp and click the "CA Certificate" link. Save the certificate file on your computer.


On your computer, rename the file with the .cer file extension, and send the file as an email attachment to an account that you can access from your Android device.


Check your email on the Android device.


Open the email and tap the attachments button.

Then tap the save button. This should save the certificate file to your Android device’s “Download" folder.


Find your “My Files” folder. This may be located in the “Apps” menu or on one of the device's home screens.


In “My Files” tap the “All Files” folder.


In the “All Files” folder tap “Device storage”.


Open the “Download” folder and check that your certificate is correctly located in this folder.


Next locate and tap the "Settings” icon. This may be located in the “Apps” menu or on one of the device's home screens.


Tap the “More” button.


Beneath the “Permissions” header tap the “Security” button.


In the “Security” menu select the “Install from device storage” from beneath the "Credential storage" header.


You will now be asked to “Name the certificate”, leave the certificate name as it is and tap “OK”.


In some versions of Android, your device will ask if you want to use the certificate for "VPN and apps" or "WiFi".

In the "Credential use:" options, you should select "VPN and apps".


The phone will revert to the security menu and will inform you via a small pop up that the certificate is installed.

You can check the Certificate is installed by tapping the “Trusted credentials" button.


Tap the "User" tab in the “Trusted credentials” window to show the PortSwigger CA certificate.


You should now be able to visit any HTTPS URL via Burp without any security warnings.


Note: It is also possible to import the Burp CA Certificate using a micro SD card. Ensure that you move the Burp CA Certificate from the micro SD card to the phones own storage before using the certificate install function in the “Security” menu.


This article is based on Android version 4.2.2 running on a Samsung mobile device.

We welcome feedback about the content on the Support Center. Please let us know if you have any feedback on this article or want to request a new article.

seconds ago
a minute ago
minutes ago
an hour ago
hours ago
a day ago
days ago
Invalid characters found

Copyright © 2016 PortSwigger Ltd. All rights reserved. Customer service software powered by Desk.com.