Burp community forum

Burpsuite Pro v2.1 to intercept WebGoat via Proxy

Jy | Last updated: Aug 02, 2019 02:20AM UTC

I've been trying to intercept HTTP requests from WebGoat in both IE and Chrome via Burpsuite's proxy function the past few days. WebGoat is functioning as expected as I can see the site which is running on my host computer as per Burpsuite. Would greatly appreciate any assistance in getting the intercept to work. Below is my configuration.

- Burpsuite Pro v2.1 All settings are default. Proxy listener:
- IE v11.2 Proxy:
- Chrome v75 Proxy:
- WebGoat accessible via http://localhost:9998/WebGoat/login.mvc

Liam, PortSwigger Agent | Last updated: Aug 02, 2019 08:53AM UTC

Try one of these:

1. Add an entry to your Hosts file:
   myapp
   Then in your browser visit http://myapp:<address>
   In Windows your Hosts file can be found at C:/windows/system32/drivers/etc/hosts.
2. (For Firefox) Go to about:config and change network.proxy.allow_hijacking_localhost to true.

Burp User | Last updated: Aug 02, 2019 01:01PM UTC

Hi Liam, Thanks for the prompt reply. I have tried what you have mentioned and added the following in the etc/hosts file: localhost localhost. It is still unable to intercept requests from WebGoat, yet I could see Microsoft update requests (controlled by company policies, so I'm unable to turn them off). Currently, I'm unable to get Firefox on my system and only have Chrome and IE. Would really appreciate it if there could be a workaround for this. Thanks!

Liam, PortSwigger Agent | Last updated: Aug 02, 2019 01:05PM UTC

Do you encounter any error messages? Is there anything in the Burp > Event log?

Burp User | Last updated: Aug 05, 2019 02:57AM UTC

Hi Liam, I did not receive any error messages other than from Windows update requests. But as my testing workstation is standalone and not allowed to connect to any network, the Windows update requests will not go through. May I know the path to view event logs for Burp? Thanks!

Liam, PortSwigger Agent | Last updated: Aug 06, 2019 07:25AM UTC

Jy, the Event log is on the bottom left of the Dashboard tab. When you try to intercept traffic, what do you see in the Proxy > Intercept tab?

Burp User | Last updated: Aug 07, 2019 10:08AM UTC

Hi Liam, There were no error messages except for the proxy service started on 9997. And there are no requests from WebGoat either. This is going to sound weird as it doesn't make sense, but I've managed to intercept the HTTP requests from WebGoat by editing the hosts file. So instead of the following setting: localhost localhost. I've changed it to localh localh, and accessed WebGoat through http://localh:9998/WebGoat, and Burpsuite was able to intercept the requests. It's just a change of hostname but it seems to work. Hope this helps others who might be facing the same issue! Cheers!
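
The hosts-file workaround from this thread, as an added example that is not part of the original posts or of Burp itself: a small Python check that tells you whether a test URL uses a loopback name the browser would send straight to the server, or a hosts-file alias that goes through the proxy. The bypass rule in `implicitly_bypassed` is an assumption modelled on the Firefox setting named above (`network.proxy.allow_hijacking_localhost`); the hosts file content and the function names are constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample hosts file (not taken from the thread).
SAMPLE_HOSTS = """\
# constructed example
127.0.0.1   localhost
127.0.0.1   localh      # alias used to reach the local app through the proxy
::1         localhost
10.0.0.5    buildbox
"""

def parse_hosts(text):
    """Return {hostname: ip_address} from hosts-file text, ignoring comments."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # malformed address: skip the line
        for name in fields[1:]:
            table.setdefault(name.lower(), ip)  # keep the first mapping seen
    return table

def implicitly_bypassed(host):
    """Assumed rule: the browser skips the proxy for loopback names and literals."""
    host = host.lower().rstrip(".")
    if host == "localhost" or host.endswith(".localhost"):
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # an ordinary hostname, sent to the proxy

def check_url(url, hosts):
    """Classify a URL: bypassed, proxied-local, proxied-remote or no-hosts-entry."""
    host = urlsplit(url).hostname or ""
    if implicitly_bypassed(host):
        return "bypassed"
    ip = hosts.get(host.lower())
    if ip is None:
        return "no-hosts-entry"
    return "proxied-local" if ip.is_loopback else "proxied-remote"
```

A result of `proxied-local` is the state the last post reached: the name is not a loopback name, but the hosts file still points it at the local machine.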

Liam, PortSwigger Agent | Last updated: Aug 07, 2019 11:20AM UTC

Thanks for the update JY.
