Installing Burp's CA Certificate in an iOS Device

Before you start:

MobileSetUp_AppleCAcert_1

With Burp running on your computer, visit http://burpsuite in your iOS device browser and click the "CA Certificate" link.

MobileSetUp_AppleCAcert_2

You will be prompted with a message in the "Install Profile" window. Tap "Install".

MobileSetUp_AppleCAcert_3

You will then be prompted with a warning message. Again, tap "Install".

MobileSetUp_AppleCAcert_4

A further message will appear entitled "Install Profile". Again, tap "Install".

 

MobileSetUp_AppleCAcert_5

The Burp CA certificate should now be installed in your iOS device. Tap "Done".

MobileSetUp_AppleCAcert_7

On some versions of iOS you may need to go to "Enable Full Trust for the PortSwigger CA".

You can configure this setting at Settings > General > About > Certificate Trust Settings.

MobileSetUp_AppleCAcert_6

You should now be able to visit any HTTPS URL via Burp without any security warnings. Note that in some cases, you may also need to disable TLS 1.3 in Burp's proxy listener settings.

Note: This article is based on iOS 8.1.2 running on an iPad mini mobile device.