Name is required.
Email address is required.
Invalid email address
Answer is required.
Exceeding max length of 5KB

iOS 13 + Burp SSL Certs Not Able to be Fully Trusted

Dan Oct 27, 2019 05:11PM UTC

I've followed the appropriate steps to fully trust the burp cert, but as of iOS 13 this does not work and HTTPS requests fail. Looking at iOS 13 release notes, I found this: https://support.apple.com/en-us/HT210176 -- I suspect this is related, though I have not had time yet to inspect the certs being generated by Burp to confirm one or more of these new restrictions are being violated. Can anyone 1) confirm this is an issue with iOS 13+ and 2) is there any workaround to this or timeline for addressing in Burp default functionality?


Carsten Müller Oct 28, 2019 08:47AM UTC
Hello,

we facing the same issue with the certificates installed and created by Burp.
See IOS changes (https://support.apple.com/en-us/HT210176)´.

Is there a way to register own certificates, or is the already a fix / update available?


Liam Tai-Hogan Oct 28, 2019 09:08AM UTC Support Center agent

We have tested an iOS device that is running version 13.1.2 and we were able to successfully proxy HTTPS traffic through Burp Suite proxy instance running on my computer after installing the certificate and manually configuring my proxy settings.

I’m assuming you have seen our guides on configuring your iOS device to work with Burp Suite?

https://support.portswigger.net/customer/portal/articles/1841108—Mobile%20Set-up_iOS%20Device.html
https://support.portswigger.net/customer/portal/articles/1841109-Mobile%20Set-up_iOS%20Device%20-%20Installing%20CA%20Certificate.html


Liam Tai-Hogan Oct 28, 2019 09:14AM UTC Support Center agent

Additionally, we’ve upgraded to iOS 13.1.3 and not been able to reproduce this issue.


a troubles Nov 01, 2019 09:25AM UTC
After I upgraded to 13.2, I encountered a situation where I chose the certificate trust and could not capture https. What should I do?

Liam Tai-Hogan Nov 01, 2019 11:55AM UTC Support Center agent

Did this issue affect all applications?

Are you encountering an error message in Burp’s Event log?


Post Your public answer

Your name
Your email address
Answer