Setting Up BurpSuite With Firefox – Easy Steps

Setting Up BurpSuite With Firefox

In this module, we will be learning how to setup Burpsuite with Firefox. Burpsuite is an Application Level Proxy which allows you to capture requests sent by your browser and modify them. It is an essential component for any Web Application Pentester.

Recommended read – How to install Burp Suite Community edition on Linux?

Creating A Directory To Store Our Certficate

Before we set up Burpsuite with Firefox, we need to create a folder to store Burp’s CA Certificate which we would be exporting later. To do this, I suggest creating a hidden directory in the user’s home folder to store the certificate.

Let’s create a hidden folder with the mkdir command:

$ mkdir .burpsuite

We would later store Burp’s CA Certificate here !

Exporting Burp’s CA Certificate

Burp’s CA Certificate is required while testing websites with HTTPS. To export the Certificate, open Burpsuite and go to Proxy>Options

Proxy Options
Proxy Options

Also, note the interface Burpsuite is listening on, which in this case is 127.0.0.1:8080, as this will come handy later on.

Next up, click “Import/export CA certificate“. This should open up a prompt with Export Options

Export Options
Export Options

We’ll be exporting the Certificate in DER format. Store it in the hidden folder previously created. Save it as “BurpCert.der” so that we can identify it easily later on.

$ ls
BurpCert.der

Setting Up Burpsuite With Firefox

Next up, we need to import Burp’s CA Certificate which we previously imported. To do so, go back to Firefox’s Proxy settings and from there go to Certificates

Firefox Certificates
Firefox Certificates

Select “View Certificates -> Import” and select the certificate we exported earlier.

Import Options
Import Options

You’ll be asked if you trust the Certificate. Select both the options and click okay.

Importing Burps CA Certificate
Importing Burps CA Certificate

With this, we should have Burp’s CA Certificate imported. You can even find it listed in your certificate list as follows :

Successfully Imported Burps CA Certificate
Successfully Imported Burps CA Certificate

Configuring Firefox To Use BurpSuite Proxy

For the setup to be able to intercept the requests sent by the Browser we need to configure Firefox so as to use Burp’s Proxy. To do so open Firefox’s Network setting, which you can do by going to Firefox’s Preferences and in the search box type in “xy”. This should bring up the Network Settings

Firefox Network Settings
Firefox Network Settings

Open the Proxy Settings, which should give you the following window:

Firefox Proxy Settings
Firefox Proxy Settings

Select Manual Proxy and in the fields Provided, provided the address Burp is listening on as we previously noted. In the default case it is as follows:

  • HTTP Proxy: 127.0.0.1
  • Port: 8080

Select the check box to use the same same for HTTPS and FTP. Also, select the SOCKS v5 option and click OK. Now, all the requests issued by Firefox can be intercepted by Burpsuite.

Intercepting Requests With Burpsuite

Intercepting Requests With Burpsuite
Intercepting Requests With Burpsuite

If you now open Burpsuite -> Proxy and turn on Intercept, you’ll see your request being intercepted and now you can modify them to your will! If your requests aren’t interpreted, make sure that that the Proxy settings are the same as in Burps’ listening address!

Conclusion

Thus we successfully setup Firefox with Burpsuite. If this seems too much trouble you can also use Burp’s Integrated Browser for your pentesting activities and that would work just as fine.