Practical Web Penetration Testing

Setting the proxy in your browser

I'm assuming that you are using Kali Linux for your web application penetration testing, so you will be using Firefox or Iceweasel as a browser. You can install Chrome, but the instructions that I'm using are for Firefox (if you're using Chrome, don't worry; the settings should be very similar to Firefox). 

By default, Burp's Proxy listener uses port 8080; this can be changed in the Options sub-tab under the Proxy tab.

Open Firefox and select Preferences from the menu. Click on the Advanced tab in the left menu; after that, select the Network tab in the top menu, and click on the Settings button in the Connection section. Finally, enter the proxy settings in the Manual proxy configuration section (see the following screenshot):

  • Don't forget to disable the proxy when you're done with your pen tests; otherwise, your browser will not load any pages when you turn Burp off.
  • Make sure that the No Proxy for: textbox does not contain the value 127.0.0.1:8080, or else Burp will not intercept the connection.
  • There is a nice, easy shortcut to avoid making all of these changes manually. You can use the FoxyProxy plugin for Firefox. Try it out!
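The settings entered in that dialog are stored as `network.proxy.*` preferences in the Firefox profile's `prefs.js`. The script below is an added example, not code from the book: it parses such a file and reports the conditions the notes above warn about. The sample preferences are constructed, and the function names `parse_prefs` and `check_proxy` are hypothetical.

```python
import re

# Matches lines such as: user_pref("network.proxy.http_port", 8080);
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')

# Constructed sample of a profile's prefs.js (not taken from the book).
SAMPLE_PREFS = '''
user_pref("network.proxy.type", 1);
user_pref("network.proxy.http", "127.0.0.1");
user_pref("network.proxy.http_port", 8080);
user_pref("network.proxy.ssl", "127.0.0.1");
user_pref("network.proxy.ssl_port", 8080);
user_pref("network.proxy.no_proxies_on", "localhost, 127.0.0.1:8080");
'''

def parse_prefs(text):
    """Return {name: value} for every user_pref() line in a prefs.js body."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue
        name, raw = m.groups()
        if raw.startswith('"') and raw.endswith('"'):
            prefs[name] = raw[1:-1]          # string preference
        elif raw in ("true", "false"):
            prefs[name] = raw == "true"      # boolean preference
        else:
            prefs[name] = int(raw)           # integer preference
    return prefs

def check_proxy(prefs, host="127.0.0.1", port=8080):
    """Return findings on how the profile relates to the Burp listener at host:port."""
    if prefs.get("network.proxy.type") != 1:  # 1 = manual proxy configuration
        return ["manual proxy is off: traffic will not reach Burp"]
    findings = []
    for scheme in ("http", "ssl"):  # "ssl" is the HTTPS proxy field
        actual = (prefs.get(f"network.proxy.{scheme}"), prefs.get(f"network.proxy.{scheme}_port"))
        if actual != (host, port):
            findings.append(f"{scheme} proxy is {actual}, expected {host}:{port}")
    # 'No Proxy for' entries are destinations Firefox contacts directly.
    bypass = [e.strip() for e in prefs.get("network.proxy.no_proxies_on", "").split(",")]
    hits = [e for e in bypass if e in (host, f"{host}:{port}")]
    if hits:
        findings.append(f"'No Proxy for' lists {', '.join(hits)}")
    return findings

if __name__ == "__main__":
    for finding in check_proxy(parse_prefs(SAMPLE_PREFS)):
        print("WARN:", finding)
```

Once testing is finished, the "manual proxy is off" finding is the state you want, since it means the browser no longer depends on Burp running.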