Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Create new post

My organization uses multiple http proxies via the windows internet explorer settings - can burp be configured to use this setup?

Jean-Sebastien | Last updated: Nov 14, 2022 08:08PM UTC

In a vast enterprise, we use multiple proxies for multiple destinations and web apps, and these change over time (uat, dev, prod, etc). Is it possible to configure Burp Suite Pro in Windows to consume what my Windows Desktop has in Internet Proxy Settings (updated every 15 minutes)? I know we can configure multiple upstream servers in Burp, but I hope to automate this by using the Windows info instead, as I don't know which app and proxy changes happen, when I start the next scan... We have around 900 web apps scanned. I tried using a loopback, going straight out, and it doesn't work in our environment. And if I choose just one or a few, I miss potential API's and elements while scanning. Maybe this is a Java thing? Thanks.

Michelle, PortSwigger Agent | Last updated: Nov 15, 2022 09:01AM UTC

Thanks for getting in touch. I'm afraid when you're setting User Options -> Connections -> Upstream Proxy Servers, these cannot be automatically imported from your system settings. You can use wildcards in the destination host settings to reduce the number of entries you need to add if some servers within the same domain use the same proxy server. I hope this helps.

Jean-Sebastien | Last updated: Nov 15, 2022 01:58PM UTC

Thank you for the answer - that's what I thought. Are there any plans Burp Suite Pro supporting this feature? Other tools/competitors we use easily support this feature on Windows.

Michelle, PortSwigger Agent | Last updated: Nov 16, 2022 09:04AM UTC

We don't have any current plans to add this functionality. Have you had a look at the 'Proxy Auto Config' extension in the BApp store? Would this be helpful in your scenario? https://portswigger.net/bappstore/7b3eae07aa724196ab85a8b64cd095d1

Jean-Sebastien | Last updated: Nov 17, 2022 02:15PM UTC

Yes we did, but not really as advertised... Thanks.

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.