login

Burp Suite, the leading toolkit for web application security testing

Installing Burp's CA Certificate

By default, when you browse an HTTPS website via Burp, the Proxy generates an SSL certificate for each host, signed by its own Certificate Authority (CA) certificate. This CA certificate is generated the first time Burp is run, and stored locally. To use Burp Proxy most effectively with HTTPS websites, you will need to install Burp's CA certificate as a trusted root in your browser.

Note: If you install a trusted root certificate in your browser, then an attacker who has the private key for that certificate may be able to man-in-the-middle your SSL connections without obvious detection, even when you are not using an intercepting proxy. To protect against this, Burp generates a unique CA certificate for each installation, and the private key for this certificate is stored on your computer, in a user-specific location. If untrusted people can read local data on your computer, you may not wish to install Burp's CA certificate.

For full instructions on installing Burp's CA certificate in your browser, please refer to the following article in the Burp Suite Support Center:

This article contains detailed steps for installing the CA certificate on various common browsers and mobile devices.

Support Center

Get help and join the community discussions at the Burp Suite Support Center.

Visit the Support Center ›

Thursday, May 12, 2016

1.7.03

This release adds some enhancements to, and fixes some minor issues with, the Burp projects feature. Thanks are due to everyone who has provided feedback about the new projects feature since the 1.7beta release. Based on the enhancements made since that release, the projects feature is now officially out of beta, and this release may be regarded as stable. As with all Burp features, we welcome ongoing feedback about the projects feature as people continue to use it.

See all release notes ›

Copyright © 2016 PortSwigger Ltd. All rights reserved.