In this module, we will be learning how to setup Burpsuite with Firefox. Burpsuite is an Application Level Proxy which allows you to capture requests sent by your browser and modify them. It is an essential component for any Web Application Pentester.
Recommended read – How to install Burp Suite Community edition on Linux?
Creating A Directory To Store Our Certficate
Before we set up Burpsuite with Firefox, we need to create a folder to store Burp’s CA Certificate which we would be exporting later. To do this, I suggest creating a hidden directory in the user’s home folder to store the certificate.
Let’s create a hidden folder with the mkdir command:
$ mkdir .burpsuite
We would later store Burp’s CA Certificate here !
Exporting Burp’s CA Certificate
Burp’s CA Certificate is required while testing websites with HTTPS. To export the Certificate, open Burpsuite and go to Proxy>Options
Also, note the interface Burpsuite is listening on, which in this case is 127.0.0.1:8080
, as this will come handy later on.
Next up, click “Import/export CA certificate“. This should open up a prompt with Export Options
We’ll be exporting the Certificate in DER format. Store it in the hidden folder previously created. Save it as “BurpCert.der” so that we can identify it easily later on.
$ ls
BurpCert.der
Setting Up Burpsuite With Firefox
Next up, we need to import Burp’s CA Certificate which we previously imported. To do so, go back to Firefox’s Proxy settings and from there go to Certificates
Select “View Certificates -> Import” and select the certificate we exported earlier.
You’ll be asked if you trust the Certificate. Select both the options and click okay.
With this, we should have Burp’s CA Certificate imported. You can even find it listed in your certificate list as follows :
Configuring Firefox To Use BurpSuite Proxy
For the setup to be able to intercept the requests sent by the Browser we need to configure Firefox so as to use Burp’s Proxy. To do so open Firefox’s Network setting, which you can do by going to Firefox’s Preferences and in the search box type in “xy”. This should bring up the Network Settings
Open the Proxy Settings, which should give you the following window:
Select Manual Proxy and in the fields Provided, provided the address Burp is listening on as we previously noted. In the default case it is as follows:
- HTTP Proxy: 127.0.0.1
- Port: 8080
Select the check box to use the same same for HTTPS and FTP. Also, select the SOCKS v5 option and click OK. Now, all the requests issued by Firefox can be intercepted by Burpsuite.
Intercepting Requests With Burpsuite
If you now open Burpsuite -> Proxy and turn on Intercept, you’ll see your request being intercepted and now you can modify them to your will! If your requests aren’t interpreted, make sure that that the Proxy settings are the same as in Burps’ listening address!
Conclusion
Thus we successfully setup Firefox with Burpsuite. If this seems too much trouble you can also use Burp’s Integrated Browser for your pentesting activities and that would work just as fine.