Research Academy
My account Customers About Blog Careers Legal Contact Resellers
The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTER DISCORD

Burp Invisible Proxy Mode

Sir | Last updated: Nov 07, 2017 12:04AM UTC

So I have been reading over the last week how to setup burp with invisible/transparent proxy. I have a thick client on a Linux server. I have burp running on kali. I changed a route on the linux client so that any https traffic is sent to the kali/burp server. Via tcpdump i can see that the https traffic is making it to the burp server and that burp is listening on port 443 as I configured burp as invisible on that port. However I dont see anything other then that. Nothing in burp acknowledges that it is getting the traffic. has anyone actually got the invisible proxy to work?

PortSwigger Agent | Last updated: Nov 07, 2017 08:39AM UTC

Invisible proxy certainly does work; many users are using it successfully. If you've just set up a route on your Linux client, that won't rewrite the destination IP address, so it's likely the kernel on your Kali VM is ignoring the traffic - even if tcpdump is showing it. Normally the easiest way to get a thick client to use an invisible proxy is overriding DNS in your hosts file. If that's not possible, you need to use DNAT to rewrite the destination address at the IP layer. If you'd like us to investigate your configuration more, please send some screenshots of both your Burp and network config.

PortSwigger Agent | Last updated: Nov 07, 2017 09:24AM UTC

In that case you need to use DNAT. There's some information here: - http://linux-ip.net/html/nat-dnat.html As the client runs on Linux, I'd put the DNAT rules on that Linux system. Something like: iptables -t nat -A OUTPUT-d [app server ip] -j DNAT --to-destination [burp ip] Please let us know if you need any further assistance.

Burp User | Last updated: Nov 07, 2017 05:48PM UTC

The thick client is only using an IP address. So there is no host name to modify.

Burp User | Last updated: Nov 15, 2017 07:04PM UTC

So i think i did the same thing. I added a route on the thick client for that specific target host IP that made the burp server the next hop. I can see the traffic hitting the burp server, and the burp server is listening to port 443, but burp is not doing anything.

PortSwigger Agent | Last updated: Nov 16, 2017 09:41AM UTC