JUNE 4, 2023

Burp Suite top Proxy tab settings

    One of the most important components of Burp Suite is the Proxy tool, which acts as a web proxy server between your browser and the target application.

    In this article, we will learn how to configure Proxy settings in Burp Suite to customize the proxy behavior, interface, and functionality. These settings mostly change how we interact with the Intercept, HTTP history and WebSockets history sub-tabs of the Proxy tab.

    Proxy listeners

    A proxy listener enables you to monitor and intercept all requests and responses. By default, Burp creates a single listener on port 8080 of the loopback interface, i.e. 127.0.0.1 or localhost. The default listener enables you to use Burp’s browser or any other similarly configured browser to test virtually all browser-based web applications.

    You can change the listener's address to 0.0.0.0 to open the proxy on all interfaces.

    [Image: Burp Suite Proxy Listener Settings]

    You can add, edit or remove proxy listeners by clicking on the Add, Edit or Remove buttons in the Proxy Listeners panel.

    When you add or edit a proxy listener, you can configure the following settings in the dialog tabs:

    • Interface: These settings control how Burp binds the proxy listener to a local network interface. You can specify the port and the IP address of the interface for Burp to bind to.
    • Request handling: These settings control whether Burp redirects the requests received by the listener to a different host, port, or protocol. You can also enable invisible proxying, which allows non-proxy-aware clients to connect directly to the listener. You can also choose the TLS protocols.
    • CA Certificate: These settings control how Burp generates SSL certificates for HTTPS connections. You can choose a self-signed certificate, a custom certificate or a user-generated CA certificate.
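
    To confirm which interface a listener is really bound to after changing the address between 127.0.0.1 and 0.0.0.0, the following added example (not part of the original article) classifies listening sockets from `ss -ltn` output. The sample output is constructed and includes the IPv4-mapped and `*` forms that dual-stack sockets show; the function name is hypothetical.

```python
import ipaddress

def listener_exposure(ss_output, port):
    """Classify every TCP listener on `port` found in `ss -ltn` output."""
    result = {}
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue                      # header or non-listening line
        local = fields[3]                 # "Local Address:Port" column
        host, _, local_port = local.rpartition(":")
        if local_port != str(port):
            continue
        host = host.strip("[]").split("%")[0]   # drop brackets and %scope
        if host == "*":
            result[local] = "all interfaces"
            continue
        ip = ipaddress.ip_address(host)
        mapped = getattr(ip, "ipv4_mapped", None)
        if mapped is not None:            # ::ffff:127.0.0.1 -> 127.0.0.1
            ip = mapped
        if ip.is_unspecified:             # 0.0.0.0 or ::
            result[local] = "all interfaces"
        elif ip.is_loopback:
            result[local] = "loopback"
        else:
            result[local] = "specific interface"
    return result

# Constructed sample of `ss -ltn` output.
SAMPLE = """\
State   Recv-Q  Send-Q  Local Address:Port        Peer Address:Port
LISTEN  0       50      [::ffff:127.0.0.1]:8080   *:*
LISTEN  0       50      *:8081                    *:*
LISTEN  0       128     0.0.0.0:22                0.0.0.0:*
LISTEN  0       50      192.168.56.10:8082        0.0.0.0:*
"""

if __name__ == "__main__":
    for port in (8080, 8081, 8082):
        print(port, listener_exposure(SAMPLE, port))
```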

    Intercept Rules

    The Intercept tab allows you to intercept and modify requests and responses before they are sent or received by your browser or the target application. You can enable or disable interception by clicking the "Intercept is" tick-mark button.

    In intercept rules, you can specify which requests and responses you want to intercept based on various criteria, such as URL scope, file extension, HTTP method, parameter name or value, cookie name or value, header name or value, etc.

    [Image: HTTP response and WebSocket interception rules in Burp Suite]

    You can also configure which WebSocket messages to intercept based on various criteria, such as URL scope, message type, direction, length, content-type, etc.

    Sometimes control over Content-Length is really useful, for example for HTTP request smuggling. In such cases, disable the automatic update of this header.

    Match and replace rules

    Match and replace rules allow you to automatically modify requests and responses that pass through Burp Proxy based on certain criteria. You can use match and replace rules to add, remove or modify headers, parameters, body content or any other part of the messages.

    You can configure match and replace rules by clicking on the Add button and specifying the following settings for each rule:

    • Comment: A comment shown for the rule that helps you identify it.
    • Enabled: A checkbox that sets whether the rule is active or not.
    • Item: A drop-down menu that lets you choose whether the rule applies to requests or responses.
    • Match: A text field where you enter the string or regex to match.
    • Type: Whether the match is a static string or a regular expression.
    • Replace: A text field where you enter the string or regex to replace with.

    Burp executes the enabled match and replace rules in turn for each message, and makes any applicable replacements.
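
    Because the rules run in turn, a later rule sees the output of an earlier one, so list order changes the result. The following added example (not Burp's code and not from the original article) models the rule fields listed above and applies them in order; the rules and request are constructed, and the regex syntax is Python's, which is an assumption rather than Burp's dialect.

```python
import re
from dataclasses import dataclass

@dataclass
class Rule:
    comment: str    # label that identifies the rule
    enabled: bool   # unticked rules are skipped
    item: str       # "request" or "response" (simplified Item field)
    match: str      # string or regex to look for
    is_regex: bool  # Type: regular expression (True) or static string (False)
    replace: str    # replacement text

def apply_rules(rules, item, message):
    """Run enabled rules for `item` in list order; return (message, fired comments)."""
    fired = []
    for rule in rules:
        if not rule.enabled or rule.item != item:
            continue
        if rule.is_regex:
            # Python regex syntax (assumption, not Burp's regex engine).
            message, count = re.subn(rule.match, rule.replace, message, flags=re.MULTILINE)
        else:
            count = message.count(rule.match)
            message = message.replace(rule.match, rule.replace)
        if count:
            fired.append(rule.comment)
    return message, fired

# Constructed sample rules and request.
RULES = [
    Rule("normalise UA", True, "request", r"^User-Agent: [^\r\n]*", True,
         "User-Agent: assessment-client"),
    Rule("tag after UA", True, "request", "User-Agent: assessment-client", False,
         "User-Agent: assessment-client\r\nX-Assessment: constructed-tag"),
    Rule("drop cookies", False, "request", r"^Cookie: [^\r\n]*\r\n", True, ""),
    Rule("response only", True, "response", "Server: ", False, "X-Was-Server: "),
]
REQUEST = ("GET /account HTTP/1.1\r\nHost: app.example\r\n"
           "User-Agent: Mozilla/5.0\r\nCookie: sid=abc\r\n\r\n")

if __name__ == "__main__":
    out, fired = apply_rules(RULES, "request", REQUEST)
    print(fired)
    print(out)
```

    Swapping the first two rules leaves the tagging rule with nothing to match, which is the kind of ordering mistake worth checking for when a rule appears not to fire.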

    [Image: Burp Suite Proxy Settings: Match and replace rules, TLS pass through, and proxy history logging]

    TLS pass through

    TLS pass through settings allow you to configure Burp Proxy to bypass SSL interception for certain hosts. This can be useful when you encounter SSL errors or certificate pinning issues with some applications.

    You can configure TLS pass through settings by clicking on the Add button in the TLS Pass Through panel and specifying the following settings for each rule:

    • Enabled: A checkbox that sets whether the rule is active or not.
    • Host: Host name or IP address of the destination server. You can use wildcards (*) to match multiple hosts.
    • Port: Destination port.
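
    Traffic that matches a pass-through rule is not intercepted, so a wildcard that is broader than intended quietly removes hosts from what the proxy shows. The following added example (not from the original article) audits a rule list against a set of destinations; the rules and hosts are constructed, and the matching semantics (`*` matches any run of characters, case-insensitive, exact port) are an assumption for illustration.

```python
import re
from dataclasses import dataclass

@dataclass
class PassThroughRule:
    enabled: bool
    host: str   # host name or IP address, with * as wildcard
    port: int

def _host_regex(pattern):
    # Assumption: * matches any run of characters, everything else is literal.
    parts = (re.escape(p) for p in pattern.lower().split("*"))
    return re.compile(".*".join(parts) + r"\Z")

def matching_rule(rules, host, port):
    """Return the first enabled rule covering host:port, or None (intercepted)."""
    host = host.lower().rstrip(".")
    for rule in rules:
        if rule.enabled and rule.port == port and _host_regex(rule.host).match(host):
            return rule
    return None

def audit(rules, connections):
    """Map each 'host:port' to 'pass-through' or 'intercept'."""
    return {f"{h}:{p}": "pass-through" if matching_rule(rules, h, p) else "intercept"
            for h, p in connections}

# Constructed rules and destinations.
RULES = [
    PassThroughRule(True, "*.pinned.example", 443),
    PassThroughRule(True, "*cdn.example", 443),       # over-broad: no dot before the name
    PassThroughRule(False, "app.target.example", 443),
]
CONNECTIONS = [
    ("api.pinned.example", 443), ("pinned.example", 443),
    ("static.cdn.example", 443), ("othercdn.example", 443),
    ("app.target.example", 443), ("api.pinned.example", 8443),
]

if __name__ == "__main__":
    for dest, verdict in audit(RULES, CONNECTIONS).items():
        print(f"{dest:28} {verdict}")
```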

    Proxy history logging

    You can enable or disable logging for different types of messages, such as in-scope items and out-of-scope items.

    Miscellaneous Settings

    Here are some miscellaneous functions in Proxy Settings of Burp Suite:

    [Image: Miscellaneous settings in Burp Suite Proxy]

    These settings are a little advanced, but self-explanatory.

    Conclusion

    In this article, we learned how to configure the top Proxy tab settings in Burp Suite to customize the proxy behavior and functionality. We also learned how to use the Intercept, HTTP history and WebSockets history tabs to monitor and manipulate HTTP and HTTPS traffic between our browser and the target application.

    Pradeep has expertise in Linux, Go, Nginx, Apache, CyberSecurity, AppSec and various other technical areas. He has contributed to numerous publications and websites, providing his readers with insightful and informative content.