Hands-On Application Penetration Testing with Burp Suite
上QQ阅读APP看书,第一时间看更新

Setting up Firefox to work with Burp Suite (HTTP and HTTPS)

Firefox has been a hacker favorite for quite some time now. This is largely due to a plethora of add-ons that allow you to extend its features and abilities. One of the primary advantages that Firefox has over other browsers in the industry is its ability to use proxy settings that are not tied with the operating system.

Firefox can be set up to use a specific proxy, even if the operating system has a separate system proxy set. This allows for various tools that require a separate proxy to be used in conjunction with Firefox, while ensuring Firefox does take a separate route.

Remember, no browsers, including Firefox, have separate proxy settings for the private/incognito mode.

To set up proxy options in Firefox, take the following steps:

  1. On Windows, click on the three dashes in the right top corner of any tab and select Options from the menu. For Linux and OS X systems, the option to select is called Preferences.
  2. Scroll right to the bottom of the page or type proxy in the search box to bring up the Network Proxy option, as shown in the following screenshot:
  1. Click on Settings... to open the Connection Settings window:
  1. Select Manual proxy configuration and enter the IP address of the machine on which Burp is running. If you have Burp running on the same machine as the browser, then use 127.0.0.1 , or localhost to set this up. Enter the port number on which the Burp proxy listener is set up.
  2. If you have set up multiple listeners in Burp and you want Firefox to send HTTP and HTTPS traffic to different endpoints, then this has to be added to the relevant protocols. An SSL proxy endpoint would be where HTTPS traffic would be sent. The same applies to FTP as well.
  3. Select the Use this proxy server for all protocols if you wish to use the same proxy endpoint for other protocols as well.
  1. You can always select No proxy to enable Firefox to directly talk to the internet.
  2. Selecting the Use system proxy settings will make Firefox obey system proxy settings.
  3. You can add exclusions to the proxy setup by adding them in the No Proxy for text area. This area accepts IP addresses, hostnames, subnets, and domain names (including top level domains like .org and .com), as shown in the following example:

A little later in the chapter, we will see the usage of a Firefox add-on called FoxyProxy that can be used to rapidly switch between multiple proxies without going through all of the preceding steps. This allows us to maintain multiple profiles that can be tailored for specific use cases. More about that a little later.