Using Custom Certificate with Burp Proxy

Posted by on May 11, 2019 at 10:49 am.

What is Burp Proxy?

Burp Proxy lies at the heart of Burp’s user-driven workflow. It operates as a web proxy server between your browser and target applications, and lets you intercept, inspect and modify the raw traffic passing in both directions.

Burp Suite Proxy also gives you a direct view into how your target application works “under the hood”. It operates as a web proxy server, and sits as a man-in-the-middle between your browser and destination web servers. This lets you intercept, inspect and modify the raw traffic passing in both directions.

If the application employs HTTPS, Burp breaks the SSL connection between your browser and the server, so that even encrypted data can be viewed and modified within the Proxy.

Who Uses Burp Proxy, and Why?

In general, the people who use Burp Proxy are those who want to intercept individual HTTP requests in order to review and modify a packet or message. Burp Proxy acts as a listener that receives requests from a browser configured to use the proxy. To present intercepted HTTPS connections with a certificate that looks legitimate instead of the default PortSwigger certificate, a new custom certificate needs to be imported into Burp Proxy.

Where and When to use Burp Proxy?

Burp Proxy is used when someone wants to intercept and modify HTTP requests from a browser. Burp Proxy needs to be configured in the browser's proxy settings, and the custom Burp certificate also needs to be imported into the browser so that the intercepted connections appear secure.

How to use Burp Proxy (PRACTICE)

Burp Suite – The tool into which the generated custom certificate (DER format) is imported, so that Burp Proxy uses it

OpenSSL – To generate the custom certificate and private key

Scenario – We aim to replace Burp's default PortSwigger certificate with a custom certificate that appears to be a legitimate one.

  1. Create a custom CA certificate using OpenSSL, in DER format
  2. Generate an RSA private key; CA.der and server.key will be generated.
  3. Convert the generated RSA key into PKCS#8 format so that Burp Suite can import it
  4. Import the generated CA certificate and private key into Burp Suite Proxy
  5. A success prompt appears if the certificate and key were set correctly
  6. Configure your browser's proxy settings to use the Burp Suite proxy, so that the browser's traffic is served with the custom CA certificate
  7. Import the generated CA certificate into the browser, so the browser treats the custom certificate as a trusted one
  8. Start browsing and observe that each website's certificate is now issued by the Burp Suite proxy certificate
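Steps 1 to 3 as a runnable script, added here as an example and not part of the original post: it produces the two files the steps name (CA.der and server.key) in the formats Burp Suite imports, and then checks them the way you would before trusting any proxy CA. It assumes the openssl command-line tool (1.1.1 or later) is installed; every path, subject name and organisation below is constructed for the example.

```shell
# Added example (not from the original post). Generates CA.der and server.key
# for Burp's "Import / export CA certificate" dialog, then verifies them.
# Assumes the openssl CLI; all names and paths here are constructed.
set -eu

# Steps 1-3: RSA key + self-signed CA certificate, exported as a DER
# certificate and an unencrypted PKCS#8 DER key.
# Usage: make_burp_ca <workdir> [common-name]
make_burp_ca() {
    workdir=$1
    cn=${2:-"Example Lab CA"}
    mkdir -p "$workdir"
    # Minimal config so the certificate is explicitly marked as a CA.
    cat > "$workdir/ca.cnf" <<EOF
[ req ]
distinguished_name = dn
x509_extensions    = v3_ca
prompt             = no
[ dn ]
CN = $cn
O  = Example Lab
[ v3_ca ]
basicConstraints     = critical, CA:TRUE
keyUsage             = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -config "$workdir/ca.cnf" \
        -keyout "$workdir/ca.key.pem" -out "$workdir/ca.crt.pem" 2>/dev/null
    # DER is what Burp (and the browser, in step 7) import.
    openssl x509 -in "$workdir/ca.crt.pem" -outform DER -out "$workdir/CA.der"
    # Burp expects the private key as unencrypted PKCS#8.
    openssl pkcs8 -topk8 -nocrypt -in "$workdir/ca.key.pem" \
        -outform DER -out "$workdir/server.key"
}

# Is the DER certificate really a CA (basicConstraints CA:TRUE)?
ca_is_ca() {
    openssl x509 -in "$1/CA.der" -inform DER -noout -text | grep -q 'CA:TRUE'
}

# Does the PKCS#8 key belong to the certificate? Compare the public keys.
key_matches_cert() {
    a=$(openssl x509 -in "$1/CA.der" -inform DER -noout -pubkey)
    b=$(openssl pkey -in "$1/server.key" -inform DER -pubout)
    [ "$a" = "$b" ]
}

# Issuer string to compare with what the browser shows in step 8.
ca_issuer() {
    openssl x509 -in "$1/CA.der" -inform DER -noout -issuer
}
```

Run `make_burp_ca ./burp-ca "My Lab CA"` and then `ca_issuer ./burp-ca`; the issuer printed is what every site's certificate will show in the browser once Burp Proxy is in the path, which is exactly what the conclusion below tells you to look for.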

Conclusion and Solution

So, as discussed above, we can conclude that Burp Suite Proxy is a tool that operates as a web proxy server between your browser and target applications, and lets you intercept, inspect and modify the raw traffic passing in both directions.

To avoid being intercepted by a Burp-style proxy, it is recommended to check the certificate of every website while browsing. It also helps to check whether the proxy being used is completely safe and protects the user's personal data.
