One commonly suggested solution is to import the Burp proxy certificate into the browser and install it as a root certificate authority, but it doesn’t really work most of the time.
There is another way to bypass HSTS in Firefox so that traffic can be intercepted in Burp.
Follow the steps below:
- Go to the Firefox configuration page (about:config)
- Right-click, choose “New Integer”
- Provide the name “test.currentTimeOffsetSeconds” (no quotes) with a value of 11491200.
- Clear the Cache and Active Logins in the Clear Recent * History dialog (Ctrl-Shift-Del).
- Restart the Browser
- (Optional) Restart Burp if need be.

This apparently works because of a function called GetPreloadListEntry, which checks whether the current time is less than the next list expiration time. Because the time is effectively calculated to be later than the expiration time, no check is performed. This effectively disables HSTS checks.
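
The following is an added example, not part of the original post and not Firefox code: a small Python check that finds the preference in the text of a profile's prefs.js, so a testing profile with HSTS checks disabled can be identified and cleaned up afterwards, plus a simplified model of the time comparison described above. The sample prefs.js content, timestamps and function names are constructed for illustration.

```python
import re

PREF = "test.currentTimeOffsetSeconds"
# prefs.js stores each modified preference as: user_pref("name", value);
PREF_LINE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')


def find_time_offset(prefs_text):
    """Return the configured offset in seconds, or None if the pref is unset."""
    for line in prefs_text.splitlines():
        m = PREF_LINE.match(line)
        if m and m.group(1) == PREF:
            try:
                return int(m.group(2))
            except ValueError:
                return None  # present but not an integer; treated as unset here
    return None


def preload_list_consulted(now, list_expiration, offset_seconds=0):
    """Simplified model (assumption based on the description above): the
    check only happens while the offset current time is before expiration."""
    return now + offset_seconds < list_expiration


# Constructed sample prefs.js contents (not taken from a real profile).
SAMPLE_PREFS = (
    'user_pref("browser.startup.page", 3);\n'
    'user_pref("test.currentTimeOffsetSeconds", 11491200);\n'
)
CLEAN_PREFS = 'user_pref("browser.startup.page", 3);\n'

if __name__ == "__main__":
    offset = find_time_offset(SAMPLE_PREFS)
    print(f"{PREF} = {offset} s ({offset // 86400} days)")
    now = 1_700_000_000              # constructed "current time" (epoch seconds)
    expiration = now + 30 * 86400    # constructed: list expires in 30 days
    print("check without offset:", preload_list_consulted(now, expiration))
    print("check with offset:   ", preload_list_consulted(now, expiration, offset))
    print("clean profile pref:  ", find_time_offset(CLEAN_PREFS))
```

To audit a real profile, pass the contents of its prefs.js file to `find_time_offset`; any non-None result means the profile should be used for testing only.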
This is not something new; it is a preferred way to test HSTS-enabled websites for interception using Burp.