Using Burp Suite and FoxyProxy in Firefox
Level: Beginner | Reading time: 5 minutes
In this article, I’ll show you how to configure Burp Suite and FoxyProxy in Firefox.
The Burp Suite is an integrated platform for performing security testing on web applications. You can use it as a proxy to intercept your browser sessions to any website. This can be useful for testing against web applications, discovering vulnerabilities in websites, and maybe even making some money with a bug bounty. 🙂
Burp has a free version called Community Version. To download this version go to the following site:
Download Burp Suite Community Edition – PortSwigger
FoxyProxy is an advanced proxy management tool that completely replaces Firefox’s limited proxy features. For a simpler tool and less advanced configuration options, FoxyProxy Basic can be used.
You can use FoxyProxy in conjunction with Burp Suite to facilitate proxy activation using Burp.
After downloading, do the standard installation and we are ready to install FoxyProxy.
After installing the add-on, you will see it in the top right corner of Firefox like the image below:
By clicking on options, we are taken to the configuration page and we will add the Burp address by clicking on Add.
To validate the address in Burp Suite, let’s open it and go to the Proxy tab:
Then click Options and we can see the Burp Proxy Listener:
Let’s copy this address to use in FoxyProxy, where we will have the result as below:
Once saved, we will have the configuration listed as below:
The best thing about FoxyProxy is that it is very easy to use. After the configuration we made above, just click on the green option below “Proxy” and it will use Burp as a proxy:
Configuring Burp Suite Certificate in Firefox
So that we can perform the proxy without certificate errors, let’s import the burp certificate into the Firefox settings.
To do this, type in the browser: http://burp/.
Let’s click on CA Certificate in the upper right corner:
Now just save the certificate:
Let’s open the Firefox settings:
Let’s search for Certificates and click on View certificates:
Let’s click on Import and select the downloaded certificate:
Using Burp as a Proxy
Now let’s open our Burp Suite, go to the Proxy tab and check if the “Intercept is on” option is enabled:
Now let’s open Firefox and select the option we configured earlier so that it uses a browsing proxy:
Then visit any address and check that the site is not open because the interception mode is on and you need to accept to continue on Burp. If you click Forward, it will forward the request to the next step:
See that I’m going to click on the plugin to share an article on Facebook here on the site and we can see this in the Burp being intercepted:
In this blog, you learned how to configure Burp Suite as a proxy and use FoxyProxy in Firefox to make it easier to configure a proxy in the browser.
For more information, I leave the reference links below:
Getting started | Web Security Academy – PortSwigger
How to use Burp Suite for penetration testing – PortSwigger