قالب وردپرس درنا توس
Home / Tips and Tricks / Using Burp & FoxyProxy to Easily Switch Between Proxy Settings «Null Bytes :: WonderHowTo

Using Burp & FoxyProxy to Easily Switch Between Proxy Settings «Null Bytes :: WonderHowTo



One of the best ways to search a Web site and search for vulnerabilities is to use a proxy. By routing traffic through a proxy like Burp Suite, you can quickly detect hidden bugs, but sometimes it's difficult to turn it on and off manually. Fortunately, there is a browser add-on called FoxyProxy that automates this process with a single click of a button.

Why use a proxy switcher?

A proxy switcher is a tool, usually in the form of a browser add -on: Allows you to turn a proxy on or off or switch between multiple proxies with one click. This saves a lot of time, as it usually requires many clicks to activate or deactivate a proxy.

This is beneficial for security researchers and penetration testers, as the time savings of messing around with settings can be better utilized, especially when exploring a website for testing. It can be annoying to constantly turn the proxy on and off, but using a proxy switch makes the process trivial.

FoxyProxy is a popular proxy switch that is available for both Firefox and Google Chrome. Here we will install and configure FoxyProxy in Firefox for use with Burp Suite.

Step 1: Add FoxyProxy to Firefox

First, we need to start Firefox and navigate to the add-on manager. You can do this by using the ctrl-shift p link, clicking the "Open Menu" button in the toolbar and then clicking "Add-ons" or "Tools" in the menu bar, and then click on "Add-ons". "

Click" Find More Add-ons "on the page Personalize your Firefox for" Get Add-ons "and search for FoxyProxy.

We will use FoxyProxy Basic because it provides enough functionality for what we need, rather than performing all of the above steps also go directly to the extension page of FoxyProxy Basic .

You can then click on "Add to Firefox" to add the extension.

At the command prompt, click Add to allow access to the information you need.

We will then go to FoxyProxy's page, which contains a change log and a few more information.

Step 2: Add a custom proxy

There should now be a little icon in the top right of the browser, next to bookmarks or whatever in the toolbar is. Click on the symbol and select "Options" to go to the settings page.

Then click Add to add a custom proxy.

While the Burp Suite is running, go to the Options tab under Proxy. We just want to confirm the default IP address and port as they must match in FoxyProxy.

Now we can enter the information and specify a title to ensure the organization.

Click "Save" and our proxy should now appear on the main settings page.

Now all we have to do is enable it while Burp is running. So we can effortlessly switch the proxy on and off or even switch between different proxies. Click the icon and select "Use proxy burp for all URLs (ignore pattern)" to enable it.

Step 3: Add the Burp CA (if not already done)

Now when we navigate to a Web site, we will get a warning about an insecure connection.

You may experience exceptions each time you load a new page, but they quickly become annoying. Instead, we can add the burp certificate to our browser so that it remains a trustworthy instance. To do this, navigate to the interface where Burp is running in the browser.

Click "CA Certificate" and save the file.

Next, go to Settings and scroll down the Privacy & Security page.

Click "View Certificates" and click the "Import" button.

Now you can select the certificate file just downloaded.

A prompt appears asking if you want to trust a new certification authority. Select "Trust this CA to identify sites" and click "OK" to save.

When we now see our certificates, we find the PortSwigger (the company) The Burp Suite certificate is installed.

Step 4: Testing the Custom Proxy

If we send a request via burp now, it should be successful.

Step 5: Troubleshoot SSL Errors If Needed

A potential error refers to SSL records. [19659052] Using Burp & FoxyProxy to Easily Switch Between Proxy Settings ” width=”532″ height=”532″ style=”max-width:532px;height:auto;”/>

I found the simplest solution by downgrading the TLS version from 1.3 to 1.2. Note: Do this at your own risk. TLS 1.2 is still widely used and relatively secure. However, you need to know that your browser is not running the latest version.

Navigate to the "about: config" page in the browser Click on "I accept the risk!"

Search for "security.tls" and double-click "security.tls.version.max" to change the settings.

Change the value to "3" to downgrade to TLS 1.2. Yeah, I know, that's a bit confusing, but it's what it is.

Step 6: Test the Custom Proxy Again

Well, when we visit a website and send the request via Burp. The process is completed successfully. No further errors are displayed.

When we are done or when We want to temporarily disable the proxy. Click the FoxyProxy icon again and select "Disable FoxyProxy (Use Firefox setting)" to return to the default Firefox settings.

Summary

We learned about Proxy Switcher and what benefits they have. We installed and configured a browser add-on called FoxyProxy that allowed us to turn a proxy like Burp Suite on and off with a single click. We also covered some configuration issues, including setting the certification authority and enabling burp for TLS. Now that FoxyProxy is installed, you can spend more time finding bugs and not messing with the settings.

Title image by geralt / Pixabay; Screenshots of drd_ / zero byte

Source link