Burp Suite User Forum

Login to post

Burp extension doesn't work if proxy is enabled

stefano0798 | Last updated: May 15, 2020 01:14PM UTC

Hi, I am developing a Burp extension that involves Selenium. It runs fine if Burp intercept is turned off and the proxy is not set in the code, but clearly this way Burp cannot intercept the messages. When I enable those options the Browser opens but cannot load pages. Following the guide https://portswigger.net/support/using-burp-with-selenium DOES NOT work. The code I run is the following void runBrowserAutomatization(File fileDriver, String seleniumTrack, boolean isHeadless) { WebDriver driver; if (gui.usedBrowser().toLowerCase().contains("chrome")) { ChromeOptions options = new ChromeOptions(); Proxy proxy = new Proxy(); proxy.setHttpProxy("localhost:8080"); proxy.setSslProxy("localhost:8080"); options.setCapability(CapabilityType.PROXY, proxy); options.setHeadless(isHeadless); System.setProperty("webdriver.chrome.driver", fileDriver.getPath()); driver = new ChromeDriver(options); } else if (gui.usedBrowser().toLowerCase().contains("firefox")) { FirefoxOptions options = new FirefoxOptions(); Proxy proxy = new Proxy(); proxy.setHttpProxy("localhost:8080"); proxy.setSslProxy("localhost:8080"); options.setCapability(CapabilityType.PROXY, proxy); options.setHeadless(isHeadless); System.setProperty("webdriver.gecko.driver", fileDriver.getPath()); driver = new FirefoxDriver(options); } else { PrintMsg("No browser selected..."); return; } driver.manage().window().maximize(); driver.manage().timeouts().implicitlyWait(10, TimeUnit.SECONDS); driver.get("https://www.nytimes.com/"); driver.quit(); } The fact that it works when the Proxy options are off suggests that the code and the drivers used are working, I suppose it is a Proxy misconfiguration somewhere. Any help is highly appreciated, everything I tried before did not work

Hannah, PortSwigger Agent | Last updated: May 18, 2020 08:19AM UTC

Hi Could you tell me which version of Burp you are using? Are you running Selenium from within your Burp extension, or are you doing it externally as the guide shows? Have you tried copying the highlighted "set proxy" section from the guide, word for word?

stefano0798 | Last updated: May 18, 2020 02:23PM UTC

Hi, I am using Burp 2020.4.1, and I was also facing it in Burp 2020.4 I am running Selenium from within my extension, as the first part of the guide shows. I tried either setting the proxy in the code or setting the system proxy. The result is the same, with the browser opening but not showing any page. Except from using Java instead of Python, I am following the guide I linked. I noticed that while the browser is trying to load the page, Burp is frozen until I manually close the Browser. Can this be an hint for you? I really can't make it work, any answer is appreciated.

Hannah, PortSwigger Agent | Last updated: May 19, 2020 11:57AM UTC

Have you tried setting an upstream proxy in Burp at all?

stefano0798 | Last updated: May 25, 2020 02:11PM UTC

No, I didn't. It is not mentioned in the guide, can you give me more info about it?

Uthman, PortSwigger Agent | Last updated: May 26, 2020 10:42AM UTC

You can find out more information on setting an upstream proxy here: https://portswigger.net/support/burp-suite-upstream-proxy-servers Can you provide access to the full code for context? What are you trying to achieve?

stefano0798 | Last updated: May 27, 2020 01:45PM UTC

Sure, I am trying to run Selenium in order to complete a login process. I want to intercept such traffic and to execute some checks on those requests and response, since my extension implements the IProxyListener interface. The code involving Selenium is the following: void runBrowserAutomatization(File fileDriver, String seleniumTrack, boolean isHeadless) { this.fileDriver = fileDriver; WebDriver driver; if (gui.usedBrowser().toLowerCase().contains("chrome")) { ChromeOptions options = new ChromeOptions(); Proxy proxy = new Proxy(); proxy.setHttpProxy(PROXY_SOCKET); //localhost:8080 proxy.setSslProxy(PROXY_SOCKET); //localhost:8080 options.setCapability(CapabilityType.PROXY, proxy); options.setHeadless(isHeadless); System.setProperty("webdriver.chrome.driver", fileDriver.getAbsolutePath()); driver = new ChromeDriver(options); } else if (gui.usedBrowser().toLowerCase().contains("firefox")) { FirefoxOptions options = new FirefoxOptions(); Proxy proxy = new Proxy(); proxy.setHttpProxy(PROXY_SOCKET); //localhost:8080 proxy.setSslProxy(PROXY_SOCKET); //localhost:8080 options.setCapability(CapabilityType.PROXY, proxy); options.setHeadless(isHeadless); System.setProperty("webdriver.gecko.driver", fileDriver.getAbsolutePath()); driver = new FirefoxDriver(options); } else { PrintMsg("No browser selected..."); return; } driver.manage().timeouts().pageLoadTimeout(TIMEOUT_SEC, TimeUnit.SECONDS); // 10 seconds driver.manage().window().maximize(); WebElement currentElement = null; try { driver.get("https://www.nytimes.com/"); } catch (Exception e) { PrintMsg(e.getClass().getCanonicalName() + "\nError message: " + e.getMessage()); driver.quit(); } try { Thread.sleep(1000); } catch (InterruptedException e) { PrintMsg("InterrEx: " + e.getLocalizedMessage()) ; } driver.quit(); }

Uthman, PortSwigger Agent | Last updated: May 27, 2020 02:06PM UTC

Thanks for clarifying that. Have you considered using a Burp Macro? Are the checks being executed in Burp Pro? Your code looks slightly different to the implementation on the official website (https://www.selenium.dev/documentation/en/webdriver/http_proxies/). There are some code examples here too: https://www.programcreek.com/java-api-examples/?class=org.openqa.selenium.Proxy&method=setSslProxy.

You need to Log in to post a reply. Or register here, for free.