Ever wondered how we can intercept browser network traffic using Burp Suite? Well, we've got you covered with some easy steps to get you started. Let's dive right in!
Here are some easy steps to intercept browser network traffic in Burp Suite:
Step 1: Download and Install Burp Suite Proxy
- Download the latest version of Burp Suite Community Edition (no license required) from the official website: https://portswigger.net/burp
- Double-click on the executable file to install it.
Step 2: Install FoxyProxy in your browser
Step 3: Configure Burp Suite
- Launch Burp Suite CE on your machine with a temporary project and the default settings.
- Go to the “Proxy” tab in Burp Suite and click on the “Proxy settings” sub-tab.
- Note the “Proxy listener” settings (e.g., Proxy listener address: 127.0.0.1, Proxy listener port: 8080).
Step 4: Configure FoxyProxy to use Burp Proxy
- Open the FoxyProxy extension/add-on in your browser.
- Click on the FoxyProxy icon and select “Options” or “Manage FoxyProxy” (exact option may vary).
- Click on “Add New Proxy” or “New Proxy” to create a new proxy configuration.
- Enter a name for the proxy (e.g., Burp Proxy).
- In the “Proxy Details” section, enter the following:
  - Proxy Type: HTTP
  - IP address: 127.0.0.1 (or the address specified in Burp Suite)
  - Port: 8080 (or the port specified in Burp Suite)
- Save the proxy configuration.
Step 5: Enable FoxyProxy with Burp Suite Proxy
- In the FoxyProxy extension/add-on, select the proxy configuration you created (e.g., Burp Proxy).
- Activate the proxy configuration by clicking on the FoxyProxy icon and selecting the proxy configuration you created.
Step 6: Intercept HTTPS traffic
Most of the websites we use on the internet use HTTPS (HTTP Secure), which means an SSL certificate is attached to allow secure communication. When Burp Suite sits between the browser and the server, the browser refuses to connect and gives a warning, because the certificate Burp presents is not signed by an authority the browser trusts.
To solve this, we have to add Burp Suite's self-signed certificate to the trusted authorities in the browser:
- Once you have configured FoxyProxy to use the Burp proxy, go to http://burp/.
- Click on the CA Certificate button (in the top right corner) to download the Burp CA certificate.
- Open your browser and go to Settings > Security > Certificates.
- Click on the View Certificates button.
- Make sure you are on the Authority tab.
- Click on the Import button and select the Burp CA certificate that you downloaded in step 2.
- Restart your browser.
Once you have completed these steps, your browser will trust the self-signed certificate from Burp Suite. You will now be able to use Burp Suite to intercept and modify traffic from HTTPS websites.
Step 7: Verify Interception in Burp Suite Proxy
- Go back to Burp Suite Proxy and ensure that the “Intercept” tab is active.
- Start browsing the web in your browser.
- Burp Suite Proxy should now intercept the traffic between your browser and the websites you visit.
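A terminal check of the same setup, as an added example that is not part of the original article: it tunnels a TLS handshake through the listener noted in Step 3 and reports whether the certificate that comes back was issued by Burp's CA, which is the substitution Step 6 describes. It assumes OpenSSL 1.1.0 or later (for `s_client -proxy`) and that Burp's CA certificate carries the name PortSwigger; the function names and the two sample issuer lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: terminal check of the proxy setup from Steps 3-7.
# PROXY_HOST/PROXY_PORT default to the listener values noted in Step 3.
PROXY_HOST="${PROXY_HOST:-127.0.0.1}"
PROXY_PORT="${PROXY_PORT:-8080}"

# Constructed sample issuer lines (illustrative, not captured output).
SAMPLE_BURP='issuer=O = PortSwigger, OU = PortSwigger CA, CN = PortSwigger CA'
SAMPLE_SITE='issuer=C = US, O = Example Trust Services, CN = Example TLS CA 1'

# Succeeds only for loopback addresses; a listener bound to any other
# address is reachable by other hosts on the network.
is_loopback() {
    case "$1" in
        127.*|localhost|::1) return 0 ;;
        *) return 1 ;;
    esac
}

# Classify an issuer line as printed by `openssl x509 -noout -issuer`.
classify_issuer() {
    case "$1" in
        "")            echo "no-certificate" ;;
        *PortSwigger*) echo "intercepted" ;;
        *)             echo "direct" ;;
    esac
}

# Issuer of the certificate that host $1 appears to present when the
# TLS handshake is tunnelled through the proxy listener.
issuer_via_proxy() {
    openssl s_client -proxy "$PROXY_HOST:$PROXY_PORT" \
        -connect "$1:443" -servername "$1" </dev/null 2>/dev/null |
        openssl x509 -noout -issuer 2>/dev/null
}

check_setup() {
    is_loopback "$PROXY_HOST" || echo "warning: $PROXY_HOST is not loopback"
    echo "$1 via proxy: $(classify_issuer "$(issuer_via_proxy "$1")")"
}

if [ "$#" -gt 0 ]; then
    check_setup "$1"    # live check; needs Burp running
else
    echo "Burp sample: $(classify_issuer "$SAMPLE_BURP")"
    echo "site sample: $(classify_issuer "$SAMPLE_SITE")"
fi
```

Run it with a hostname as its only argument while Burp is running; "intercepted" means the proxy is in the path, and "no-certificate" means the listener did not answer.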
Hope you found this article helpful while configuring your browser and Burp Suite to intercept and manipulate HTTP and HTTPS network traffic.
Hack for good!!