Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Create new post

Is there a good write-up on using intercept vs proxy?

Carlos | Last updated: Nov 04, 2021 05:48PM UTC

Before I ever used Burp Suite, I installed Foxy Proxy and had no trouble seeing the HTTP history. I'm using the Community Edition on VirtualBox Kali. Then I watch a great Burp video (How to intercept HTTP requests and responses using Burp Suite) and my take away was that I didn't need to proxy any more, I would just use Intercept. Then I saw everyone proxying and got tired of webpages not loading, because Burp boots up defaulting to Intercept On. So I went back to using Foxy Proxy on my unbedded browser. Examining the Community Solution for Blind OS Command Injections, I see the guy is turning Intercept off and on (and is using Foxy Proxy) which got me confused. I know Intercept will hold the command until you Forward it or Drop it and I figured I was doing the logical equivalent with Repeater, but maybe there are cases where you must not send a command first because you can't resend it - like logging in (if you're not logged in and send the userID and pw, it works, but maybe if you're already logged in and send a userID and pw again, it won't work). I think it would be good to see a write-up go more in-depth about this. I did see support item https://forum.portswigger.net/thread/how-do-i-change-the-burp-browser-from-chromium-to-firefox-1bc75f16 which talks a little about this, but isn't obvious from the title.

Ben, PortSwigger Agent | Last updated: Nov 05, 2021 11:02AM UTC

Hi Carlos, If you are using the Intercept functionality within Burp then you are also proxying your traffic through Burp. If it helps your understanding, you could consider the intercept functionality to be a special action available when proxying traffic through Burp. When you setup your proxy (whether that is through using the pre-configured embedded browser, manually configuring it within an external browser or using a tool like FoxyProxy to set it up for you) you are telling your browser to send its traffic to the Burp Proxy Listener, which is acting as a web proxy server. When the intercepting functionality is switched off then this traffic is automatically being sent on to the destination web server without you, as the user, having to do anything. This traffic is then observable within the Proxy -> HTTP history tab within Burp. When you configure the intercepting functionality to be on, you are saying that you wish to perform a manual action on the traffic that is being proxied and, as you have correctly identified, this traffic will be stalled and held in the Proxy -> Intercept tab waiting for you to perform some manual action on it. At this stage, requests from your browser will not have reached the destination web server. We would generally recommend that you have this set to "Intercept is off" unless you want to capture and manipulate requests in real time. With "Intercept is off" configured, the requests will still pass through Burp (and, as noted above, are viewable in the Proxy -> HTTP history tab) but you do not have to perform any manual action on them for them to reach the destination web server.

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.