Burp Trusted Root Certificate

When attacking HSTS (STS) sites, you need to install BURP’s proxy cert as the root certificate in order to load the content correctly.  A pain in the butt, but worth it.  Notes are here: https://superconfigure.wordpress.com/2013/01/29/pen-testing-hsts-http-strict-transport-security-sites-with-burp/ Key thing is to ensure you import PortSwigger into your trusted CA store.  By default for …

Continue reading