Importing the Burp certificate in Mozilla Firefox
Starting with Mozilla Firefox, it is quite simple to import the certificate:
- While Burp is running, go to http://burp.
- Click on CA Certificate. Note where this file is downloaded:
This method is very convenient for testers, but it also exposes the pentester to man-in-the-middle (MITM) attacks: a malicious user could abuse the trust placed in the Burp Suite root certificate.
- Open Firefox Options, click on Advanced, Certificates, and View Certificates. Have a look at the following screenshot:
- Click on Authorities, click on the Import button, and navigate to the place where you downloaded the certificate, as shown in the following screenshot:
- Another window will ask whether you trust the new certificate authority. Select Trust this CA to identify web sites. If you like, click on View to examine the CA certificate:
- Click on the OK button and then navigate to https://burp. If there are no errors or warnings about the certificate...
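As an added example (not part of the original text): before selecting Trust this CA, the fingerprint shown under View can be compared with the file you downloaded. The script computes that fingerprint for a DER or PEM file; the function names and the sample bytes are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import re
import sys

PEM_RE = re.compile(
    rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

# Constructed stand-in bytes, NOT a real certificate. The fingerprint is a
# hash over the raw DER encoding, so any bytes starting with 0x30 will do here.
SAMPLE_DER = bytes.fromhex("3082000b") + b"constructed"

def to_der(data: bytes) -> bytes:
    """Return DER bytes whether the file was saved as DER or as PEM."""
    m = PEM_RE.search(data)
    der = base64.b64decode(b"".join(m.group(1).split())) if m else data
    if der[:1] != b"\x30":  # an X.509 certificate is a DER SEQUENCE
        raise ValueError("not a DER or PEM certificate")
    return der

def fingerprint(data: bytes, algo: str = "sha256") -> str:
    """Colon-separated upper-case hex digest of the DER encoding."""
    digest = hashlib.new(algo, to_der(data)).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def normalize(fp: str) -> str:
    """Strip colons and whitespace so pasted fingerprints compare cleanly."""
    cleaned = re.sub(r"[\s:]", "", fp).upper()
    if not re.fullmatch(r"[0-9A-F]+", cleaned):
        raise ValueError("fingerprint must be hex digits")
    return cleaned

def matches(data: bytes, expected_fp: str, algo: str = "sha256") -> bool:
    """True if the file's fingerprint equals the one copied from the viewer."""
    return hmac.compare_digest(normalize(fingerprint(data, algo)),
                               normalize(expected_fp))

if __name__ == "__main__":
    # Usage: script.py <certificate file> [fingerprint copied from the viewer]
    cert = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_DER
    print("SHA-256:", fingerprint(cert))
    print("SHA-1:  ", fingerprint(cert, "sha1"))
    if len(sys.argv) > 2:
        ok = matches(cert, sys.argv[2])
        print("MATCH" if ok else "MISMATCH: do not trust this CA")
        sys.exit(0 if ok else 1)
```

Only trust the CA when the value printed here equals the one in the certificate viewer.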