KiloClawPowered by OpenClaw
Back to Cookbook
OpenClaw recipe

Burp Suite CA Certificate Install Guide

aka “Burp CA First Aid

Install trust correctly and fix "can't download CA certificate"

Field-tested checklist for getting HTTPS interception working in Burp. Covers Firefox's separate trust store, the http://burpsuite download page not loading, quick verification, and safe post-engagement rollback.

House RecipeWork5 min
Try in KiloClawFree 7-day trial

INGREDIENTS

🌐Browser

PROMPT

Create a skill called "Burp CA First Aid". Inputs I will provide: - Burp proxy listener config (host/port) - Browser type (Firefox/Chrome/Edge) and OS - The exact error (can't reach http://burpsuite, TLS warning details) Task: 1) Diagnose whether the browser is actually proxying through Burp. 2) Provide the minimal steps to download and install Burp's CA certificate for that browser and OS. 3) Provide verification steps and safe rollback/removal steps.

What this fixes

Common symptoms:

  • Browser shows TLS warnings when Burp is intercepting
  • `http://burpsuite` does not load (can't download the CA certificate)
  • Firefox still shows certificate errors after importing into the OS trust store

Prerequisites

  • Burp running with a proxy listener bound to the right interface/port
  • Browser configured to proxy through Burp (or system proxy set)
  • Understanding of the local risk of trusting an interception CA (remove afterward)

Steps and commands

  1. Verify proxy is actually in use:
  • With Burp running, visit:

`http://burpsuite`

  • If it doesn't load, fix your browser proxy settings first.
  1. Download Burp's CA certificate:
  • Click "CA Certificate" (top-right) and save the file.
  1. Install the CA certificate in Firefox (Firefox maintains its own store):
  • Settings → Privacy & Security → Certificates → View Certificates → Authorities → Import
  • Trust it for identifying websites.
  1. Install the CA certificate in Chrome/Edge (uses OS store):
  • Import into the OS trust store (Keychain on macOS, certmgr on Windows, ca-certificates on Linux).
  1. Confirm HTTPS works:
  • Browse to any HTTPS site and confirm:
  • no browser warning
  • traffic appears in Burp Proxy → HTTP history
  1. Rollback (post-engagement hygiene):
  • Remove the Burp CA certificate from all trust stores when done.

Expected outputs

  • Browsing HTTPS through Burp with no TLS warnings
  • Requests appear in Burp Proxy → HTTP history
  • `http://burpsuite` loads when proxying is correctly configured

Common errors and troubleshooting

  • Can't load `http://burpsuite`
  • Browser is not proxying through Burp, or Burp isn't running/listening.
  • Re-check proxy host/port match the Burp listener.
  • Firefox still warns after importing into OS store
  • Firefox uses its own certificate store. Import into Firefox Authorities separately.
  • Corporate/enterprise roots interaction
  • Firefox can optionally trust OS enterprise roots via `security.enterprise_roots.enabled`.
  • Confirm whether enterprise roots are in play before troubleshooting further.

References

  • https://portswigger.net/burp/documentation/desktop/external-browser-config/certificate
  • https://portswigger.net/burp/documentation/desktop/external-browser-config/certificate/ca-cert-firefox
  • https://portswigger.net/burp/documentation/desktop/external-browser-config/certificate/proxy-troubleshooting
  • https://support.mozilla.org/en-US/kb/setting-certificate-authorities-firefox

Example inputs

  • Burp listener: 0.0.0.0:8080
  • Browser proxy: 127.0.0.1:8080
Tags:#pentesting#web#burp#tls#proxy#troubleshooting

Related Recipes

Mobile HTTPS Interception on Android 7+

Fix "traffic in browser but not in apps" via Network Security Config

Android Nougat changed CA trust defaults — apps targeting API 24+ ignore user-installed CAs. This breaks typical Burp/mitmproxy interception. Walks through Network Security Config debug overrides for builds you control and scoped fallback options for test devices when you don't.

Work12 min

Nuclei Template Doctor

Fix "no templates provided", template drift, and signing surprises

Nuclei scans fail not because the engine is broken but because templates are missing, outdated, filtered out, or failing validation. This recipe diagnoses template path and version problems, performs safe updates, validates templates, and explains a secure workflow for code-template signing.

Work6 min

Render Hang Triage

A playbook for "stops at the same frame" and "freeze mid-render" failures

Renders freeze at a consistent percentage or frame — often caused by a bad clip, a heavy effect, a Fusion comp issue, or "stop render on error" settings. This recipe classifies the failure pattern and gives you a structured triage plan instead of blind re-exports.

Creative3 min

Audio Input Lag Fixer

Fix a common Premiere playback-lag issue caused by audio input device settings

Severe playback lag and stutter in Premiere Pro that looks like a codec performance problem but is actually caused by audio hardware input settings. This recipe provides a quick decision tree to test and fix the issue — often resolved in under a minute by switching the default input to "No Input."

Creative3 min