login

Burp Suite, the leading toolkit for web application security testing

PortSwigger Web Security Blog

Tuesday, 10 September 2013

Burp support for Firefox Plug-n-Hack

The Firefox browser has recently added support for a new way of easily configuring the browser to work with intercepting proxy tools like Burp. To use this, you need to install a Firefox plugin called Plug-n-Hack:


The plugin is currently beta and also requires the latest beta version of Firefox, but when it is stabilized it will be available on the Firefox Marketplace.

If you have installed the Plug-n-Hack plugin, configuring a clean installation of Firefox to work with Burp is pretty straightforward. First, in your browser, enter the URL to connect directly to your Burp Proxy listener (by default 127.0.0.1:8080):


On the Burp welcome page, follow the Plug-n-Hack link:


Click on the "Configure your browser" button, and accept the warning displayed by the plugin:


If everything worked, you will see a "Configuration succeeded" message:


The configuration will have carried out two tasks. Firstly, it will configure your browser to use Burp as its proxy server, via a proxy auto-configuration file created by Burp:


Secondly, it will install Burp's SSL CA certificate as a trusted root in your browser, to eliminate SSL warnings when intercepting traffic to SSL web sites:


Hopefully the new Plug-n-Hack support might make life a bit easier next time you are setting up Burp on a new machine.

10 comments:

oxdef said...

Hope it will have switch on/off button on the panel.

Geri said...

Should this work with the free v1.5 burp as well or only with the pro version?

Thanks
Geri

Reza Hossain said...

Hi,
I have installed FireFox Beta 24.0, but can't find the extension.

Could anyone please post the link?

Thanks

PortSwigger said...

@oxdef That is surely desirable since if a user isn't sure how to configure their browser to use the tool, they also probably don't know how to undo the config. This would be a matter for the FF extension to implement.

@Geri This feature was added to Burp Pro very recently and isn't in the current free edition.

@Reza Hoassain This is the official Mozilla post:

http://blog.mozilla.org/security/2013/08/22/plug-n-hack/

which links to:

https://github.com/mozmark/ringleader

Reza Hossain said...

Thanks PortSwigger, I have installed it now.

Reza Hossain said...

Hi,
My company uses proxy, How do I configure burp that redirect all request go to my company proxy after burp proxy?

Thanks

PortSwigger said...

@Reza Hoassain You can configure this at Options / Connections / Upstream proxy servers. The help button on the panel will explain how.

Reza Hossain said...

@PortSwigger Thanks for your help. I was able to setup upstream proxy.

Brij Raj Rawat said...

can anyone tell me please from where i can download and install plug-n-hack extension to config my firefox with burp suite
thanks

Anonymous said...

@Reza, oxdef
You can find the "ringleader" project here:
It contains an .xpi file in this project:
This is an add-on file for Mozilla FF & similar browsers. Just download this file and open it with your browser.


User Forum

Get help from other users, at the Burp Suite User Forum:

Visit the forum ›

Copyright 2014 PortSwigger Ltd. All rights reserved.