Certificates between ZAP and BURP

Question

I have both certificates from ZAP and BURP on my browser, and I can surf through SSL websites without problems with each proxy.

Now, I am using BURP as my local proxy on port 9090 and I redirect the traffic from BURP to ZAP (listening on port 8080).

When surfing through non-SSL websites, everything is alright, I catch the traffic in BURP and redirect it to ZAP, but when I go to a SSL website, an non-trusted message pops up.

What is going on¿? Do I have to export BURP certificate and import it to ZAP (which wouldn't make sense because ZAP trust selfsigned certificates)

If anyone have had the same problem and can throw some light on it and work it out I would really appreciate it.

Thank you in advance!

score 0 · Accepted Answer · answered Mar 01 '15 at 12:11

0

The warning will be coming from your browser not from ZAP.

Can you post some details to the ZAP dev group ?

I dont use Burp (I'm the ZAP project lead after all;) but I know many people do this so I know its possible...

answered Mar 01 '15 at 12:11

Simon Bennetts

5,479
1
14
26

Certificates between ZAP and BURP

1 Answers1