Making Burp Trust/Use Custom TLS Certificates
I'm testing in an environment that has forced TLS decryption (MitM) to allow inspection of HTTPS traffic. In this environment it seems anything I try to do in Burp that involves contacting portswigger.net breaks. My Windows machine trusts the certificate being used for the MitM, but Burp seems to ignore this. Is there any way for me to force Burp to trust a CA or anything like that? Or maybe Burp has cert pinning or other TLS features making this setup break.
I'm using Burp 2. I'm open to any options. If it is not possible to accomplish currently with Burp then I'd love to turn this into a feature request.
You can add the CA certificate to the Java keystore. There are instructions here:- https://stackoverflow.com/questions/4325263/how-to-import-a-cer-certificate-into-a-java-keystore
We are investigating adding an option to disable SSL validation, which would provide an easy way to get working in environments like this.