Burp Suite intercepts HTTP/HTTPS traffic in the form of an intercepting proxy, acts as a middleman between the browser and the server, and modifies and replays the data packets to achieve the purpose of testing.

This article aims to introduce how to configure the proxy of different clients under test. include:

• web browser
• The tested client is a mobile terminal
• The client under test itself does not support proxy settings (such as WeChat PC version)
• The service under test has multiple proxies

1. Working principle of BurpSuite

2. Proxy settings – Web browser

BurpSuite’s default proxy address and port are 127.0.0.1:8080, which can be accessed from BurpSuite’sProxyTab’sOptionsViewed in, as shown below

Under normal circumstances, we use a web browser to access the service directly. If we want to intercept and tamper with the request, we need to send the web browser request to BurpSuite first, and then process the traffic data on BurpSuite.

So how to make the web browser’s request go through BurpSuite?
The easiest way is to set the browser’s proxy server to BurpSuite, which is the default 127.0.0.1:8080. But this is cumbersome, and you have to modify it after each test, otherwise, after closing BurpSuite, it will affect the normal use of the browser.

It is recommended to use a browser proxy plug-in here. For example, for common Chrome and Firefox browsers, it is recommended to use the Proxy SwitchyOmega plug-in.
1、Plugin download：https://proxy-switchyomega.com/download/

2、plugin installation(Chrome is used as an example here)

Unzip the downloaded plugin to a folder
Type in the Chrome address barchrome://extensions/Enter to open the extension
clickLoad the unpacked extension, select the folder in step 1

3、plugin configuration
Create a new scenario mode, and set the proxy server to the proxy address and port set in BurpSuite and save it with the application


4、plugin enabled
Click on the upper right corner of the browserProxy SwitchyOmegaPlug-in button, select the corresponding scenario mode, after entering the URL to be accessed on this page, the request traffic at this time will pass through BurpSuite

5、Frequently Asked Questions – When fetching HTTPS for the first time, the browser will report security issues

solution:

1. After opening the browser and starting the BurpSuite proxy, visit in the address barhttp://burp
2. Click on the upper rightCA Certificatebutton to download the certificate file
   
3. Open the downloaded certificate file, clickinstall certificate, follow the prompts to install
   
4. It should be noted that the certificate storage needs to be stored inTrusted Root Certification Authorities
   
5. After the certificate is installed, accessing the HTTPS link will not report security issues (Note that restarting the browser will take effect）

3. Proxy settings – the client under test is a mobile terminal

Sometimes, we need to perform penetration testing on the mobile APP, so how to configure it?

1. In BurpSuite’s Proxy Listeners, select the proxy currently in use, click the Edit button on the left, and in the pop-up dialog box, set the Bind to address option toAll interfaces。
   
   
2. Connect the mobile phone and PC to the same WiFi, open the mobile phone WiFi settings, set the IP address of the PC where the HTTP proxy server BurpSuite is located, and the port is the proxy port of BurpSuite. Taking the iPhone as an example, its settings are shown in the figure below
   
3. If the mobile APP uses the HTTPS channel, you also need to install the certificate, the solution is the same as that of the web browser

4. Proxy settings – the client under test does not support proxy settings

When the object we need to test is a PC client, and the client does not support proxy settings, how to solve it?

Solution 1: Set up the system proxy directly, and all traffic will pass through BurpSuite; the setting method is the simplest, but the disadvantages are also obvious. In addition to causing too many recorded requests to affect the test, it will also affect the use of other non-test applications.

Solution 2: Set through the Proxifier tool. Proxifier is a very powerful socks5 client, which can set HTTPS or SOCKS proxy/proxy chain for software that does not support proxy settings.

Proxifier supports Xp/Vista/Win7/Win10, MAC OS, supports socks4, socks5, http proxy protocol, supports TCP, UDP protocol, can specify port, specify IP, specify domain name, specify program and other operating modes, and the compatibility is very good.

The setting method is as follows:
1. Proxy server settings

1. Click the Proxy Servers button to open the dialog box, click the Add button to add the proxy server configuration.

   AddressandPortFill in the proxy of BurpSuite, that is127.0.0.1:8080
   ProtocolChoose HTTPS
   AdvancedIn the advanced settings item, you can customize a tag name for the agent to distinguish

   
   

2. Click the Check button to test whether the proxy setting is successful. If successful, it will display Proxy is ready to work with Proxifier!
   
   

3. Enable proxy rules; click the Proxification Rules button to open the dialog box; there are 2 direct rules by default, click the Add button at the bottom left to enter the specific rule setting page
   
   Setting content:

   Name: Fill in any
   Applications: Set the application that needs to go through the proxy, that is, the application to be tested
   Target hosts: Set which websites to visit through the proxy, fill in according to the actual situation
   Target ports: Set which ports to visit the target website to go through the proxy, fill in according to the actual situation
   Action: Here, select the proxy server set in the previous step.

   
   After the rules are set up, the order of the rules can be changed. Like BurpSuite’s Upstream Proxy Servers, the earlier rules will be hit first.
   
   After all settings are ready, click the OK button to save. At this point BurpSuite can grab the HTTP message from the application under test (As shown in the picture above, WeChat is set, then all HTTP requests in WeChat will be proxied through BurpSuite). At the same time, you can also see the connection status and logs in Proxifier.

2. Proxy chain setting
If the request needs to go through multiple proxies, Proxifier also supports proxy chain settings.

1. Add multiple proxy servers, then click the button Proxy Chains to expand proxy chain settings
   

2. Click the Create button to add a proxy chain, and then drag the proxy servers into the proxy chain in order of data volume
   

3. Click the Type button, or double-click the proxy chain name to set the proxy chain type

   Simple Chain: Simple type, the request data passes through each proxy server sequentially from top to bottom
   Redundancy: Redundancy type, if the first proxy server fails to connect, try the second one, and so on
   Load Balancing: load balancing type, the request data will be randomly sent to each proxy server in the list

   

4. After setting, in the Proxification Rules, change the action of the rule to select the proxy chain

Finally, the Upstream Proxy Servers and SOCKS Proxy in BurpSuite can actually solve the problem of multiple proxies in the service under test, so there is no need to set them in Proxifier.
As for what is multi-proxy and how to set it in BurpSuite, it will be introduced below.

5. Proxy settings – there are multiple proxies in the service under test

In some special scenarios, the website we need to test also needs to go through a layer of proxy. For example we visitwww.baidu.com, you need to set the SS proxy for the browser first (127.0.0.1:6666）。
now need towww.baidu.comFor testing, if you simply set the browser proxy to BurpSuite, although you can capture packets, butwww.baidu.comCan’t go127.0.0.1:6666Go, the test is pointless.

To solve this problem, proxy chains are needed. Proxy Chain (Proxy Chain) can use a proxy to connect to another proxy.

For example, in the above scenario, we first set the proxy of the browser to BurpSuite; then set an upstream proxy for BurpSuite, namely SS (127.0.0.1:6666). access like thiswww.baidu.com, the request data first passes through BurpSuite, then flows to SS, and finally arrives at the SS serverwww.baidu.com. The response returned by the server is just the opposite.

BurpSuite natively supports such settings. On the Connections page under BurpSuite’s User options,Upstream Proxy ServersandSOCKS ProxyThese two configuration items are related to the proxy chain.

1. Upstream Proxy Servers setting
In this setting item, multiple upstream proxy server rules are supported. That is to say, multiple Upstream Proxy Servers can be configured at the same time. During use, BurpSuite will compare the requested host with the content set in Destination host in order, and send the requested content to the first matching proxy server.

The specific configuration method is as follows:

Click the Add button on the left side of the Upstream Proxy Servers list box to open the Add upstream proxy rule dialog box. There are a total of 8 setting items here, and generally you only need to pay attention to the first 4:

Destination host: Fill in the domain name or IP of the target website, wildcards are supported. In this example, we can fill in *.baidu.com.
Proxy host: Fill in the IP address of the SS proxy server, that is, 127.0.0.1; if it is empty, it means direct connection.
Proxy port: Fill in the proxy address of SS, namely 6666.
Authentication type: Select the authentication type here, since the SS local agent does not need authentication, this is to select None.

If the Authentication type is None, the next 4 items are ignored, otherwise, the following 4 items need to be set according to the actual situation.

Username:username.
Password:password.
Domain: domain; only for NTLM authentication type.
Domain hostname: domain hostname; only for NTLM authentication type.

Set the content as shown in the figure below, and finally click OK.
then you will findwww.baidu.comIt has been able to access, and the corresponding request message has been successfully captured in BurpSuite.

2. SOCKS Proxy settings
Similar to the role of Upstream Proxy Servers, the function of SOCKS Proxy is to send the request content to the corresponding proxy server. The difference is that SOCKS Proxy acts on the TCP protocol layer, so if this item is set, all request data will be sent to the SOCKS proxy server.

Under the function of Upstream Proxy Servers, only the configured domain name or IP will go to the corresponding proxy server, but under the function of SOCKS Proxy, it will pass through the corresponding proxy server regardless of where the request is.
So if Upstream Proxy Servers and SOCKS Proxy are set at the same time, all requests will be sent through the proxy server configured by SOCKS Proxy, and Upstream Proxy Servers will not work at this time.

The SOCKS Proxy setting method is as follows:

First fill in the IP and port of the SOCKS proxy server in the input box below (if the SOCKS proxy server requires authentication, you also need to fill in the user name and password), and then check Use SOCKS proxy.