0

I'm setting up Burp Suite, in the process i had to manually configure the proxy to LocalIp:127.0.0.1 Port: 8080 in firefox. after doing this,whenever i try to open any website i get an error saying Your connection is not secure

The owner of www.google.com has configured their website improperly. To protect your information from being stolen, Firefox has not connected to this website. This site uses HTTP Strict Transport Security (HSTS) to specify that Firefox may only connect to it securely. As a result, it is not possible to add an exception for this certificate. Learn more… Report errors like this to help Mozilla identify and block malicious sites www.youtube.com uses an invalid security certificate. The certificate is not trusted because the issuer certificate is unknown. The server might not be sending the appropriate intermediate certificates. An additional root certificate may need to be imported. Error code: SEC_ERROR_UNKNOWN_ISSUER but if i don't use any proxy i can access the web,but in order to use Burp Suite i have to use a proxy(127.0.0.1,8080) Please guide me,i'm a newbie THANKS IN ADVANCE!

P.S: i have configured my local host but still it's not working.

yajna Rohit
  • 21
  • 1
  • 3

2 Answers2

1

The error you get is because Burp act as proxy and have own certificate (which is not the same as google certificate). You should accept this certificate in the browser you use.

Romeo Ninov
  • 6,538
  • 1
  • 22
  • 31
  • i'm able to open pages when the intercept is off when it is on the pages keeps on loading but i'm getting the packets in http history is this normal behaviour of Burp Suite? – yajna Rohit Feb 26 '19 at 13:53
  • @yajnaRohit, I am not an expert for this product, but probably yes. Intercept for me mean exactly this (store, but not proxy to end user) – Romeo Ninov Feb 26 '19 at 13:55
0

There are quite many steps to set Burp Suite working on localhost, for example, to run this on Firefox you might need:

  1. Burp's certificate accessible via http://burp. Get the certificate from the URL, install and restart Firefox.
  2. Make sure your port is free, sometimes the default's 8080 is being used by different applications. Change this in Burp Suite -> Proxy -> Options -> Edit on the desired proxy listener.
  3. Set up the same proxy details in Firefox having the Manual proxy configuration option enabled, which you can see in Burp Suite -> Proxy -> Options.
  4. In Firefox you might need type about:config in the URL and set network.security.ports.banned.override to PORT_NUMBER (the same one which is in Burp Suite -> Proxy -> Options -> Edit and therefore in Firefox's proxy - yes, point 3.).
  5. In Firefox you might need type about:config in the URL and set network.proxy.allow.hijacking_localhost to true.
  6. Sometimes you might need to read more about upstream proxy if you have an additional proxy on your local machine, however in my case it was not required.
Daniel Danielecki
  • 8,508
  • 6
  • 68
  • 94