As a proxy Burp Suite is designed to intercept your web traffic. This is a key part of being able to use Burp to manipulate your web traffic as you’re using it to test a website. It’s not just a click-and-play tool though, you need to configure Burp and your device to work together.
The first thing you need to do is ensure that you have Burp installed, you can download the free “Community” edition from PortSwigger’s website. Once it’s installed and you’ve started the application, you can look to the “Options” sub-tab of the “Proxy” tab to find the details for the proxy listener.
The proxy defaults to listening on port 8080 of the IPv4 loopback address “127.0.0.1”, although this will fail if you have another service using that port. If you want to configure which interface or port number Burp listens on, you can either edit the default listener or add a new one.
Tip: You will need to change the interface that Burp listens on if you want to monitor the traffic of another device.
Configuring your device
The first thing you need to do on your device is to add the Burp certificate to your trust store, so you can intercept HTTPS traffic without constant certificate warnings. To do so, start by browsing to the IP and port of the proxy listener e.g. 127.0.0.1:8080, and downloading the “CA certificate”. Once it’s downloaded, double-click on it, then install it to either the “Current User” or “Local Machine” store’s “Trusted Root Certification Authorities” list.
Tip: You will need to restart your browser for this change to take effect.
Finally, you need to configure your device to use the proxy listener as a proxy server. The exact method of doing so will depend on your operating system, the setting can generally be found in the networking settings, or in the connection settings to your current network.
In Windows 10, you can access the proxy configuration page of the Settings app, by pressing the Windows key, then typing “Proxy settings” and hitting enter. In the “Manual proxy setup” section you need to click the “Use a proxy server” slider to the “On” position, enter the IP address and port number of your proxy listener, then click “Save” to enable the proxy.
Once you’re finished intercepting traffic you will need to stop Windows from using the proxy. To do so, you just need to click the “Use a proxy server” slider to the “Off” position on the “Proxy settings” page of the Settings app.