Mozilla_pkix_error_mitm_detected




Getting MOZILLA_PKIX_ERROR_MITM_DETECTED when trying to run Burp.

Cassandra Last updated: Apr 25, 2019 09:11PM UTC

I ran into the same problem on Chrome as well.

What other reasons may lead to the errors 'SEC_ERROR_UNKNOWN_ISSUER' or 'MOZILLA_PKIX_ERROR_MITM_DETECTED':

  • Family Safety settings in Windows®;
  • corporate traffic filtering / monitoring solutions (contact your IT department to solve this problem);
  • malicious software.

2) Warning pops up only on one site.

Since version 61, Firefox has displayed a warning notifying the user if a program is trying to perform a man-in-the-middle (MitM) attack. In the upcoming Firefox 65, this warning will be supplemented with information indicating that the antivirus program may be causing the error.

  1. Method 1: Sign in to the Portal If Necessary. If you are using Wi-Fi networks at cafes or airports, you need to sign in to the portal to remove the "Your connection is not private" warning.
  2. A man-in-the-middle attack has been detected. The website’s certificate has expired.

The MOZILLA_PKIX_ERROR_MITM_DETECTED error can appear in Firefox in several situations that are not related to attacks by hackers:

  • when scanning encrypted traffic using antivirus;
  • when analysing HTTPS traffic with various debugging tools.

In order to provide users with the most detailed information, MOZILLA_PKIX_ERROR_MITM_DETECTED error notifications will be expanded in Firefox 65.

Prior to Firefox 65, notifications that a certificate could be used in a MitM attack were too uninformative. All the user could see was a brief warning: “Warning: Potential Security Risk Ahead”.

In Firefox 65, the new warning will include an additional description identifying the problematic certificate that could potentially be involved in the MitM attack. The user will then be able to understand exactly which program led to the error: antivirus software, a web debugger, or malware.

How to fix the MOZILLA_PKIX_ERROR_MITM_DETECTED error

If the certificate generating the error is legitimate (for example, it belongs to your anti-virus program), you can take the following steps so that the MOZILLA_PKIX_ERROR_MITM_DETECTED error is no longer displayed:

  • disable SSL or HTTPS scanning in your antivirus;
  • enable it again.

These actions will result in the antivirus certificate being added to the Firefox certificate store, and the warning disappearing.


If it was malware or adware that initiated the MitM attack (tried to insert a certificate), you will need to scan your computer and eliminate all dangerous programs.


Note: These steps are only necessary if you want to use an external browser for manual testing with Burp. If you prefer, you can just use Burp's embedded browser, which is preconfigured to work with Burp Proxy already. To access the embedded browser, go to the 'Proxy' > 'Intercept' tab, and click 'Open Browser'.

The process for installing Burp's CA certificate varies depending on which browser you are using. Please select the appropriate link below for detailed information about installing the certificate on your chosen browser.

When you have done this, you can confirm things are working properly by closing all your browser windows, opening a new browser session, and visiting any HTTPS URL. The browser should not display any security warnings, and the page should load in the normal way (you will need to turn off interception again in the 'Proxy' > 'Intercept' tab if you have re-enabled this).

Installing Burp's CA certificate on a mobile device

Additionally, you may want to install Burp's CA certificate on a mobile device. First, ensure that the mobile device is configured to work with Burp Suite. Then use the links below for help on installing the certificate:

Why do I need to install Burp's CA certificate?

One of the key functions of TLS is to authenticate the identity of web servers that your browser communicates with. This authentication process helps to prevent a fraudulent website from masquerading as a legitimate one, for example. It also encrypts the transmitted data and implements integrity checks to protect against man-in-the-middle attacks. In order to intercept the traffic between your browser and destination web server, Burp needs to break this TLS connection. As a result, if you try and access an HTTPS URL while Burp is running, your browser will detect that it is not communicating directly with the authentic web server and will show a security warning.


To prevent this issue, Burp generates its own TLS certificate for each host, signed by its own Certificate Authority (CA). This CA certificate is generated the first time you launch Burp, and stored locally. To use Burp Proxy most effectively with HTTPS websites, you need to install this certificate as a trusted root in your browser's trust store. Burp will then use this CA certificate to create and sign a TLS certificate for each host that you visit, allowing you to browse HTTPS URLs as normal. You can then use Burp to view and edit requests and responses sent over HTTPS, just as you would with any other HTTP messages.
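
The trust relationship described above can be reproduced locally with `openssl`. This is an added example, not code from Burp or from the original page: it checks a per-host certificate signed by an interception CA against a trust store before and after that CA is installed, and prints the issuer a warning page would name. The names `Demo Proxy CA`, `Demo Public Root` and `example.test` are constructed for the demonstration.

```shell
#!/bin/sh
# Added illustration with constructed names: "Demo Proxy CA" stands in for an
# intercepting proxy's or antivirus's CA, "Demo Public Root" for a root the
# browser ships with, and example.test for the site being visited.
DEMO_DIR=$(mktemp -d)

new_root() {  # $1 = file prefix, $2 = subject CN; writes a self-signed CA
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
    -keyout "$DEMO_DIR/$1.key" -out "$DEMO_DIR/$1.pem" 2>/dev/null
}

issue_leaf() {  # the proxy signs a per-host certificate with its own CA key
  openssl req -newkey rsa:2048 -nodes -subj "/CN=example.test" \
    -keyout "$DEMO_DIR/leaf.key" -out "$DEMO_DIR/leaf.csr" 2>/dev/null
  openssl x509 -req -in "$DEMO_DIR/leaf.csr" -days 1 \
    -CA "$DEMO_DIR/proxy.pem" -CAkey "$DEMO_DIR/proxy.key" -CAcreateserial \
    -out "$DEMO_DIR/leaf.pem" 2>/dev/null
}

chains_to() {  # $1 = trust store (PEM bundle); status 0 if the leaf verifies
  openssl verify -CAfile "$1" "$DEMO_DIR/leaf.pem" >/dev/null 2>&1
}

leaf_issuer() {  # the name a warning page would show for the signing CA
  openssl x509 -in "$DEMO_DIR/leaf.pem" -noout -issuer
}

new_root public "Demo Public Root"
new_root proxy  "Demo Proxy CA"
issue_leaf

# Trust store before and after the proxy CA is installed as a trusted root.
cp "$DEMO_DIR/public.pem" "$DEMO_DIR/store_before.pem"
cat "$DEMO_DIR/public.pem" "$DEMO_DIR/proxy.pem" > "$DEMO_DIR/store_after.pem"

for store in store_before store_after; do
  if chains_to "$DEMO_DIR/$store.pem"; then
    echo "$store: leaf accepted"
  else
    echo "$store: unknown issuer -> browser shows a warning ($(leaf_issuer))"
  fi
done
```

The demo leaf carries no subjectAltName, so only chain trust is exercised here, not the hostname matching a browser also performs.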

Although this step isn't strictly mandatory, especially if you only want to work with non-HTTPS URLs, we still recommend completing this step. You only need to do it once, and it is required to get the most out of your experience with Burp Suite when using an external browser.


Note: If you install a trusted root certificate in your browser, then an attacker who has the private key for that certificate may be able to man-in-the-middle your TLS connections without obvious detection, even when you are not using an intercepting proxy. To protect against this, Burp generates a unique CA certificate for each installation, and the private key for this certificate is stored on your computer, in a user-specific location. If untrusted people can read local data on your computer, you may not wish to install Burp's CA certificate.




