Tuesday, September 10, 2013

Burp support for Firefox Plug-n-Hack

The Firefox browser has recently added support for a new way of easily configuring the browser to work with intercepting proxy tools like Burp. To use this, you need to install a Firefox plugin called Plug-n-Hack:


The plugin is currently beta and also requires the latest beta version of Firefox, but when it is stabilized it will be available on the Firefox Marketplace.

If you have installed the Plug-n-Hack plugin, configuring a clean installation of Firefox to work with Burp is pretty straightforward. First, in your browser, enter the URL to connect directly to your Burp Proxy listener (by default 127.0.0.1:8080):


On the Burp welcome page, follow the Plug-n-Hack link:


Click on the "Configure your browser" button, and accept the warning displayed by the plugin:


If everything worked, you will see a "Configuration succeeded" message:


The configuration will have carried out two tasks. Firstly, it will configure your browser to use Burp as its proxy server, via a proxy auto-configuration file created by Burp:


Secondly, it will install Burp's SSL CA certificate as a trusted root in your browser, to eliminate SSL warnings when intercepting traffic to SSL web sites:


Hopefully the new Plug-n-Hack support might make life a bit easier next time you are setting up Burp on a new machine.