Name is required.
Email address is required.
Invalid email address
Answer is required.
Exceeding max length of 5KB

Making Burp Trust/Use Custom TLS Certificates

Luke Matarazzo Jun 07, 2019 08:25AM UTC

I'm testing in an environment that has forced TLS decryption (MitM) to allow inspection of HTTPS traffic. In this environment it seems anything I try to do in Burp that involves contacting portswigger.net breaks. My Windows machine trusts the certificate being used for the MitM, but Burp seems to ignore this. Is there any way for me to force Burp to trust a CA or anything like that? Or maybe Burp has cert pinning or other TLS features making this setup break.

I'm using Burp 2. I'm open to any options. If it is not possible to accomplish currently with Burp then I'd love to turn this into a feature request.


Paul Johnston Jun 07, 2019 03:58PM UTC Support Center agent

You can add the CA certificate to the Java keystore. There are instructions here:

- https://stackoverflow.com/questions/4325263/how-to-import-a-cer-certificate-into-a-java-keystore

We are investigating adding an option to disable SSL validation, which would provide an easy way to get working in environments like this.


Post Your public answer

Your name
Your email address
Answer