Importing CA Certificate
CA Certificate:
A certificate authority (CA) is a trusted entity that issues electronic documents that verify a digital entity’s identity on the Internet.
Why import the CA certificate?
To intercept traffic over HTTPS, we need to import Burp's CA certificate into our browser. The browser and server exchange X.509 certificates, which are signed by certificate authorities. Because Burp runs at a layer below the one where encryption takes place, the data is already encrypted when it reaches Burp. The only way Burp can see the data is if the SSL/TLS connection terminates at Burp. So Burp generates a per-site certificate, which the browser needs to accept. Since this certificate is not signed by an authority the browser knows, the browser may show an invalid certificate error. If the application is not properly configured with SSL/TLS, you may get an "Add Exception" option and thus be able to access the site.
But what if it is properly configured? Take Google, for instance: there we do not even get the "Add Exception" option.
Importing CA certificate in Burp
- Turn intercept mode ON in Burp Suite.
- Go to the address bar and enter: http://burp
- Click on the highlighted "CA Certificate" and you will get a file to download, "cacert.der".
- Now go to the address bar and type about:preferences#privacy; there you will find the Certificates option.
- Click on "View Certificates" and click Import in the next window.
Now check the first box.
To verify that your certificate is imported, just navigate to the following URL:
https://burp
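
A check on the downloaded file itself, as an added example that is not part of the original page or of Burp: it confirms the file is a single DER-encoded SEQUENCE (the outer shape of an X.509 certificate) rather than a PEM file or an error page, and produces a SHA-256 fingerprint to compare with the one the browser's certificate viewer shows for the imported CA. The function names and `SAMPLE_DER` (constructed filler bytes, not a real certificate) are assumptions made for illustration.

```python
import hashlib
import ssl


def der_sequence_ok(data: bytes) -> bool:
    """True if data is exactly one DER SEQUENCE with no truncation or trailing bytes."""
    if len(data) < 2 or data[0] != 0x30:        # 0x30 is the SEQUENCE tag
        return False
    first = data[1]
    if first < 0x80:                            # short form: one length byte
        header, length = 2, first
    else:                                       # long form: next n bytes hold the length
        n = first & 0x7F
        if n == 0 or len(data) < 2 + n:
            return False
        header, length = 2 + n, int.from_bytes(data[2:2 + n], "big")
    return header + length == len(data)


def sha256_fingerprint(der: bytes) -> str:
    """Colon-separated uppercase SHA-256 of the DER bytes."""
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def inspect_download(data: bytes) -> dict:
    """Classify a downloaded file; for DER, return its fingerprint and a PEM copy."""
    if data.lstrip().startswith(b"-----BEGIN"):
        return {"format": "pem", "ok": False}   # already PEM, not the DER download
    if not der_sequence_ok(data):
        return {"format": "unknown", "ok": False}
    return {"format": "der", "ok": True,
            "sha256": sha256_fingerprint(data),
            "pem": ssl.DER_cert_to_PEM_cert(data)}


# Constructed stand-in, NOT a real certificate: 300 filler bytes in a long-form SEQUENCE.
SAMPLE_DER = b"\x30\x82\x01\x2c" + b"\x00" * 300

if __name__ == "__main__":
    # In practice, pass the bytes of the downloaded cacert.der instead of SAMPLE_DER.
    result = inspect_download(SAMPLE_DER)
    print(result["format"], result["sha256"])
```
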