Installing Burp's CA Certificate in your browser

Note: Installing Burp's CA certificate is only necessary if you want to use an external browser with Burp. If you only want to use Burp's embedded browser for testing, you can skip this process.

By default, when you browse an HTTPS website via Burp, the Proxy generates a TLS certificate for each host, signed by its own Certificate Authority (CA) certificate. This CA certificate is generated the first time Burp is run, and stored locally. To use Burp Proxy most effectively with HTTPS websites, you will need to install Burp's CA certificate as a trusted root in your browser.

If you have not already done so, configure your browser to use Burp as its proxy, and configure Burp's Proxy listener to generate CA-signed per-host certificates (this is the default setting). Then use the links below for help on installing Burp's CA certificate in different browsers:


Additionally, you may want to install Burp's CA certificate on a mobile device. First, ensure that the mobile device is configured to work with Burp Suite. Then use the links below for help on installing Burp's CA certificate on a mobile device:

Note: If you install a trusted root certificate in your browser, then an attacker who has the private key for that certificate may be able to man-in-the-middle your TLS connections without obvious detection, even when you are not using an intercepting proxy. To protect against this, Burp generates a unique CA certificate for each installation, and the private key for this certificate is stored on your computer, in a user-specific location. If untrusted people can read local data on your computer, you may not wish to install Burp's CA certificate.