Burp Suite User Forum

Login to post

Burp https proxy support

hazcod | Last updated: Mar 02, 2021 07:09AM UTC

Hi, Currently Burp supports defining an upstream HTTP or SOCKS proxy. I would like to request to have HTTPS proxy support added. Defining a HTTP proxy means that any HTTP (plaintext) traffic will also travel plaintext to the proxy. With a HTTPS proxy, there is a persistent TLS connection to the proxy to secure access over the internet. Java already supports this natively so this should just be a bit of UI work. -Dhttps.proxyHost=https://proxy.memorynotfound.com -Dhttps.proxyPort=443 Thank you!

Hannah, PortSwigger Agent | Last updated: Mar 05, 2021 02:03PM UTC

Thank you for your feedback! We've passed this on to our development team.

Timothy | Last updated: Aug 04, 2021 08:29AM UTC

Hi PortSwigger team, My employer's internal VPN recently removed HTTP support, it can only be reached over HTTPS now. I'm wondering if there's an expected timeline for this feature request? This minor change would really help out myself and my colleagues. Kind regards, Timothy

Hannah, PortSwigger Agent | Last updated: Aug 05, 2021 12:24PM UTC

Hi Timothy It sounds like your use case is a bit different from the original poster. Could you drop us an email at support@portswigger.net with some more information on your situation?

Timothy | Last updated: Nov 03, 2021 11:01AM UTC

Hi all, We've sent a feature request to PortSwigger for this, in the meantime we've also found a workaround for our internal team. Solution: set up mitmproxy as a forward-proxy, pass the connection from browser --> burp --> mitm --> HTTPS proxy --> final website The mitm command is this `mitmproxy --mode upstream:https://[proxy_server]:[proxy_port] --listen-host localhost --listen-port 8085 --ssl-insecure` In Burp, the mitmproxy is configured in the upstream proxy settings. In this case localhost:8085. Hope this helps others too. Kind regards, Timothy

You need to Log in to post a reply. Or register here, for free.