Options: connections

  • Last updated: July 1, 2022

  • Read time: 3 Minutes

The Connections options control how Burp handles platform authentication, upstream proxy servers, SOCKS proxy, timeouts, hostname resolution, and out-of-scope requests.


Some of these options can be defined at both the user and project level. For these options, you can configure your normal options at the user level, and then override these if required on a per-project basis.

Platform authentication

These settings let you configure Burp to automatically carry out platform authentication to destination web servers. Different authentication types and credentials can be configured for individual hosts. Platform authentication can also be disabled on a per-host basis.

Supported authentication types are: basic, NTLMv1, and NTLMv2. The domain and hostname fields are only used for NTLM authentication.

The Prompt for credentials on platform authentication failure option causes Burp to display an interactive popup whenever an authentication failure is encountered.

Upstream proxy servers

These settings control whether Burp will send outgoing requests to an upstream proxy server, or directly to the destination web server.

You can define multiple rules, specifying different proxy settings for different destination hosts, or groups of hosts. Rules are applied in sequence, and the first rule that matches the destination web server will be used. If no rule is matched, Burp defaults to direct, non-proxied connections.

You can use wildcards in the destination host specification (* matches zero or more characters, and ? matches any character except a dot). To send all traffic to a single proxy server, create a rule with * as the destination host. Leave the proxy host blank to connect directly to the specified host.

For each upstream proxy you configure, you can specify an authentication type and credentials if required. Supported authentication types are: basic, NTLMv1, and NTLMv2. The domain and hostname fields are only used for NTLM authentication.

SOCKS proxy

These settings let you configure Burp to use a SOCKS proxy for all outgoing communications. This setting is applied at the TCP level, and all outbound requests will be sent via this proxy.

If you have configured rules for upstream HTTP proxy servers, then requests to upstream proxies will be sent via the SOCKS proxy configured here.

If the option Do DNS lookups over SOCKS proxy is enabled, then all domain names will be resolved by the proxy. No local lookups will be performed.


These settings specify the timeouts to be used for various network tasks. You can specify the following timeouts:

  • Connect - This setting is used when connecting to a server, to determine how long Burp will wait for a response after opening a socket, before deciding that the server is unreachable.
  • Normal - This setting is used for most network communications, and determines how long Burp will wait before abandoning a request and record that a timeout has occurred.
  • Open-ended responses - This setting is only used where a response is being processed which does not contain a Content-Length or Transfer-Encoding HTTP header. In this situation, Burp waits for the specified interval before determining that the transmission has been completed.
  • Domain name resolution - This setting determines how often Burp will re-perform successful domain name look-ups. This should be set to a suitably low value if target host addresses are frequently changing.
  • Failed domain name resolution - This setting determines how often Burp will reattempt unsuccessful domain name look-ups.

Values are in seconds. If an option is set to zero or left blank, then Burp will never time out that function.

Hostname resolution

These settings enable you to specify mappings of hostnames to IP addresses, to override the DNS resolution provided by your computer.

Each hostname resolution rule specifies a hostname, and the IP address that should be associated with that hostname. Rules can be individually enabled or disabled.

This feature can be useful to ensure correct onward forwarding of requests when the hosts file has been modified to perform invisible proxying of traffic from non-proxy-aware thick client components.

Out-of-scope requests

This feature can be used to prevent Burp from issuing any out-of-scope requests. It can be useful when you need to guarantee that no requests are made to targets that are not in-scope for your current work. Even if the browser makes requests for out-of-scope items, the outgoing requests will be dropped by Burp.

You can enable this feature for the current Target scope. Alternatively, you can define a custom scope using URL-matching rules.