Thursday, 24 March 2016

Burp Suite, Firefox, SSL, HSTS, and sec_error_unknown_issuer

If you use the Burp Suite Pro intercepting proxy, you will know that your traffic flows through the following chain.


|Browser| <=>|burp|<=>|Target Website|

In an SSL environment, Burp sends its own self-signed certificate to your browser while behaving as the client to the target.

But if the target website uses HSTS (HTTP Strict Transport Security) and you use Firefox as the client, you will have problems. What you will see is a sec_error_unknown_issuer error with no option to add an exception:

"This site uses HTTP Strict Transport Security (HSTS) to specify that Firefox only connect to it securely. As a result, it is not possible to add an exception for this certificate."

OK, so we know the site is normal; in our case it's an internal staging environment. We could use another browser, but there is a way to work around this.

Originally I tried downloading the Burp self-signed certificate and importing it into the Windoze certificate manager by double-clicking the .crt file. However, this did not result in any change; I still had the sec_error_unknown_issuer problem.

The solution here is to manually import the Burp certificate into Firefox's own certificate store:
  1. Firefox->Hamburger Menu at Top Right->Options->Advanced->Certificates->View Certificates
  2. This will display a Certificate Manager dialog. Select Import and then select the Burp Certificate.