login

Burp Suite, the leading toolkit for web application security testing

PortSwigger Web Security Blog

Saturday, 21 November 2009

[V13P] Upstream proxy rules

If I had a beer for every time someone has requested this feature, I'd have been way too wasted to implement it.

Burp already supports upstream web proxies, but only as a global configuration which affects all outgoing traffic. In the new release, Burp allows you to configure rules specifying different proxy settings for different (ranges of) destination hosts.

The following configuration will make Burp talk directly to staging.intranet.corp.com, use an internal proxy server without authentication for everything else on *.intranet.corp.com, and use an authenticated gateway web proxy for everything else, including the public internet:

You can use standard wildcards in the destination host specification. Rules are applied in sequence, and the first rule which matches the web server you are communicating with will be used. If no rule is matched, Burp defaults to direct, non-proxy connections.

5 comments:

Anonymous said...

Very cool feature.
Does it support SOCKS, too?

Anonymous said...

I really really want it to accept a pac so I don't have to configure 1000 rules all over again

Anonymous said...

having it to specify IP range or pac of hosts, to use specific proxy is really missing...

thank you!

Adam Muntner said...
This comment has been removed by the author.
My Heart said...

I cant find the "Connections" tab in the free version of Burp Suite v1.4.01

Blog Archive


User Forum

Get help from other users, at the Burp Suite User Forum:

Visit the forum ›

Copyright 2014 PortSwigger Ltd. All rights reserved.