Burpsuite

Go to the Burpsuite website. Download and run the executable.

Burpsuite is pre-installed in Kali images.

Running Burpsuite

  • Run the installed program.
  • Select "Temporary Project".
  • Select "Use Burp defaults".
  • Switch to the "Proxy" tab.
  • Make sure the "Intercept is on" button is selected.

Additional Setup

To intercept messages from the server to the client (to alter cookies), switch to the "Options" tab and select the "Intercept responses" tickbox under "Intercept Server Responses".

By default Burpsuite intercepts HTTPS requests as well as HTTP, which results in invalid certificate warnings. To avoid intercepting HTTPS traffic, select the "Options" tab under "Proxy". Under "SSL Pass Through", add an entry with host set to ".*" and port set to "443".

Setting up FoxyProxy in Firefox

  • Go to the Firefox Add-On store, find FoxyProxy and select "Add to Firefox". Ignore the new tab that is opened.
  • Select the crossed-out fox icon on the user bar and select "Options".
  • Select "Default" and set "Proxy Type" to HTTP.
  • Set IP address to 127.0.0.1 and Port to 8080. Leave username and password blank.
  • Close the options tab, select the fox icon, then select "Use proxy Default for all URLs".

All traffic will now be routed through Burpsuite. To stop sending traffic through Burpsuite, select the fox icon and select "Turn off FoxyProxy".
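
Before switching FoxyProxy on, it helps to confirm that a proxy is actually listening on 127.0.0.1:8080. The script below is an added example, not part of the original page or of Burpsuite. It assumes the listener answers an HTTP CONNECT the way a standard HTTP proxy does; the function name probe_proxy and the target example.com:443 are placeholders chosen for illustration.

```python
import socket


def probe_proxy(host="127.0.0.1", port=8080, target="example.com:443", timeout=3.0):
    """Classify the listener at host:port by sending one HTTP CONNECT.

    Returns one of:
      "closed"         - nothing accepted the TCP connection
      "silent"         - connection accepted, no reply before the timeout
      "proxy"          - reply is an HTTP 2xx status (tunnel opened)
      "refused-tunnel" - reply is HTTP but not 2xx (e.g. upstream unreachable)
      "not-proxy"      - reply is not an HTTP status line
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "closed"
    with sock:
        # target is a placeholder destination; any host:port pair works here.
        request = f"CONNECT {target} HTTP/1.1\r\nHost: {target}\r\n\r\n"
        try:
            sock.sendall(request.encode("ascii"))
            reply = sock.recv(4096)
        except socket.timeout:
            return "silent"
        except OSError:
            return "not-proxy"
    # Only the status line matters: "HTTP/1.x <code> <reason>".
    status_line = reply.split(b"\r\n", 1)[0].decode("latin-1")
    parts = status_line.split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        return "not-proxy"
    return "proxy" if parts[1].startswith("2") else "refused-tunnel"


if __name__ == "__main__":
    # Defaults match the FoxyProxy settings above: 127.0.0.1, port 8080.
    print(probe_proxy())
```

A result of "closed" means nothing is listening on that address and port, so the browser would report that the proxy is refusing connections once FoxyProxy is enabled.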