Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Create new post

How to change proxy by an extension when using intruder

reta | Last updated: Sep 03, 2015 06:34AM UTC

Hello there. I posted a question( http://forum.portswigger.net/thread/1646/change-upstream-proxy-extension ) on forum not long ago, and developer gave me a rather primitive but direct recommendation. Actually, I toke another way to change the proxy on extension( https://github.com/retanoj/BurpMultiProxy ), like "Traffic rediector example", redirect request HttpService (protocol, host, port) to proxy (protocol, host2, port2) and it worked well. But the extension is not working on HTTPS website. I know the reason is missing the HTTPS connecting process after redirect HttpService (host, port) to proxy (host2, port2). But I did not find any api to build a HttpsService. Meanwhile, I noticed that the post views is 16800+ times. That means so many people looking for a change proxy extension, I wanna do something for this. Could u give me a hand? Is there any hidden api or should I code myself to build HTTPS connection? Looking forward to your response. reta

PortSwigger Agent | Last updated: Sep 03, 2015 07:55AM UTC

The correct way to achieve this is as per the forum reply, by modifying Burp's settings to configure the required upstream proxy. The hack of modifying the target HTTP service will work for HTTP connections if done right, but it won't work for HTTPS connections via a proxy. In the latter case, the client sends a CONNECT request to the configured upstream proxy, identifying the destination hostname. By modifying the target HTTP service, you will modify the contents of the CONNECT request, not where it is sent. The only way to make Burp talk HTTPS via a proxy is to configure the upstream proxy settings in Burp.

Burp User | Last updated: Sep 03, 2015 01:56PM UTC

Dear Dafydd Stuttard: First of all, thank you for your reply. Sir, you're right. The IHttpService.setHttpService method rebuild something but not the correct contents of the CONNECT request. I don't know why it could be. And, as you know, by modifying Burp's settings to configure the upstream proxy is a feasible method. I'll try it. But it may be cause some concurrency issue :( reta

PortSwigger Agent | Last updated: Sep 03, 2015 02:44PM UTC

Regarding the method of changing configs, we're working on a new way of handling configs that will allow incremental updates of only certain configs, via the API. There isn't a way to change upstream proxy on the fly per-request, sorry. Those settings are intended for one-time configuration based on your normal LAN set-up.

Burp User | Last updated: Sep 04, 2015 02:31AM UTC

Dear Dafydd Stuttard: Sir, I tried to modify settings to configure upstream proxy. Obviously, it is not very friendly. With the setting modified by extension, Burp's Proxy service stopped and restarted. Everytime when a request package sent, all the settings reload. It's not a lightweight process and not friendly. And, it has rate limitation and concurrency issue. Does Burp have any method to configure proxy for a single request? reta

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.