1. Support Center
  2. Documentation
  3. Desktop editions
  4. Penetration testing
  5. Configuring your browser

Configuring your browser to work with Burp Suite

Burp is designed to be used alongside your browser. Burp functions as an HTTP proxy server, and all HTTP/S traffic from your browser passes through Burp. To do any kind of testing with Burp, you need to configure your browser to work with it.

Firstly, you need to confirm that Burp's Proxy listener is active and working. Go to the Proxy tab, then the Options sub-tab, and look in the Proxy Listeners section. You should see an entry in the table with the checkbox ticked in the Running column, and "127.0.0.1:8080" showing in the Interface column. If this is not the case, try pressing the "Restore defaults" button to the left of the panel. If the listener is still not running, then Burp was not able to open the default Proxy listener port (8080). You will need to select the table entry, click "Edit", and change the port number of the listener to a different number. See the Proxy listeners help for more details.

Secondly, you need to configure your browser to use the Burp Proxy listener as its HTTP proxy server. To do this, you need to change your browser's proxy settings to use the proxy host address (by default, 127.0.0.1) and port (by default, 8080) for both HTTP and HTTPS protocols, with no exceptions. The details of how to do this vary by browser and version, but are roughly as follows:

When you've configured your browser, you need to test that it is working properly. With Burp running, in your browser go to any HTTP URL (don't use HTTPS for the moment). Your browser should sit waiting for the request to complete. In Burp, go to the Proxy tab, and then the Intercept sub-tab. These tabs should be highlighted, and there should be an HTTP request showing in the main panel. Click on the "Intercept is on" button so that it says "Intercept is off". Go back to your browser, and you should (shortly) see the URL you requested being loaded in the normal way. If things aren't working in the way described, please refer to the troubleshooting help.

Finally, you need to configure your browser to be able to send HTTPS requests through Burp without any problems. This step isn't strictly necessary to use Burp in a basic way or only for non-HTTPS URLs, but it only needs to be done once and is necessary to get the most out of Burp when testing applications that use HTTPS. The reason for this requirement is that Burp breaks SSL connections between your browser and destination web servers, in order to view and modify the plain contents of HTTPS messages. SSL is designed to prevent this happening, and so by default your browser will show a security warning when you visit an HTTPS URL using Burp. To ensure that applications using HTTPS function properly, you need to install Burp's Certificate Authority (CA) SSL certificate in your browser trust store. For detailed help on doing this, please refer to the help on installing Burp's CA certificate. When you have done this, you can confirm things are working properly by closing all your browser windows, opening a new browser and visiting any HTTPS URL. The browser should not display any security warnings, and the page should load in the normal way (you will need to turn off interception again in the Proxy Intercept tab if you have re-enabled this).

back-to-top