Updated April 4, 2023
What is Burp Suite Proxy?
Burp Suite Proxy is the main logic behind Burp’s user-driven workflow. It acts as a web proxy server between your browser and the applications you want to access, allowing you to intercept, inspect, and alter the raw traffic in both directions. In this part, we’ll walk you through some of Burp Proxy’s most important features so you can get a better understanding of how it operates.
Burp Suite Proxy is a man-in-the-middle web proxy that intercepts traffic between the end browser and the target online application. It allows you to intercept, inspect, and change both incoming and outgoing traffic.
Burp Suite Proxy works in combination with the browser you’re using to access the targeted app. There are two options which are given as follows:
- Use Burp’s inbuilt browser, which doesn’t require any further setup. Click “Open Browser” on the “Proxy” then “Intercept” tab. All traffic will be automatically proxied via Burp in a new browser session. You may even use this without installing Burp’s CA certificate to test across HTTPS.
- You can use any external browser you like. You might not want to utilize Burp’s integrated browser for a variety of reasons. In this instance, you’ll need to take a few more steps to configure your browser to interact with Burp and install Burp’s CA certificate.
Go to any URL in your browser. After sending a request, the browser will be forced to wait for a response.
Navigate to the “Proxy” then “Intercept” tab in Burp. browser’s request should be shown for you to examine and modify. To see the many ways of analyzing the message, use the Inspector tool.
To transmit the request to the server, click the “Forward” button. In the majority of circumstances, your browser will make multiple requests to display the page (for images, etc.). Examine each successive request before sending it to the server. Your browser should have finished loading the URL you requested when there are no more requests to forward.
To reload the present page, click the “Refresh” button in the browser.
Edit the request on the “Proxy” and then “Intercept” tab in Burp. Change the URL in the first line of the request to request an object that does not exist. Return to your browser after sending the request or any subsequent browser to the server. Despite the fact that the browser requested the same URL as previously, a “Not Found” message should appear. This is due to the fact that you updated the outgoing request within Burp on the fly.
Go to the “Proxy” >and then the “HTTP history” tab in Burp. A table of all HTTP messages that have gone through the Proxy can be found here. Look at the HTTP messages in the message editor after selecting an item in the table. You can opt to display the original or revised request from the drop-down menu if you pick the item you modified.
In the Proxy history, click on a column header. The contents of the table are then sorted by that column. Click the same header once more to reverse-sort that column, and once more to clear the sorting and return to the default order. Try out different columns.
Select a color from the drop-down menu in the history table by clicking on a cell in the leftmost column. This will make that row stand out in the chosen color.
Double-click within the “Comment” column in another row and type a comment. To customize the history and pinpoint interesting items, utilize highlights and comments.
A filter bar is located above the history table. To see the options available, click on the filter bar. Change the filter parameters in different ways to see how they affect what appears in the history table. When the Proxy history becomes too large to handle, you may use the filter to hide specific categories of entries to make it easier to find what you’re searching for.
Show the context menu by selecting an item in the history (usually, by right-clicking your mouse). Burp’s testing workflow is controlled by the settings on the context menu. Go to the “Repeater” tab after selecting “Send to Repeater.”
The specified request has been transferred into the Repeater tool for further testing in Burp Repeater. See Using Burp Suite for further information on passing things across Burp tools and the overall testing methodology.
Examine all of the options available under the “Proxy” then “Options” tab. These can be used to modify Proxy listener behavior, create rules for determining which request and answer messages are intercepted by the Proxy, execute automatic message modification, and control the Proxy’s behavior in other ways. See Burp Proxy Options for further information.
This is a guide to Burp suite proxy. Here we discuss some of Burp Proxy’s most important features so you can get a better understanding of how it operates. You may also have a look at the following articles to learn more –