Enterprise Edition

Configuring upstream proxy servers

• Last updated: April 10, 2024

• Read time: 2 Minutes

You can configure Burp to send outgoing requests to an upstream proxy server, rather than directly to the destination web server.

You can add upstream proxy server rules when you add or edit a site or folder:

1. Under Scan settings, go to Connections > Upstream proxy.
2. Click Add upstream proxy server.

3. In the dialog, specify the upstream proxy server rule:

   • Destination host - Enter the destination web server address that you want the rule to apply to. You can use wildcards: * matches zero or more characters, and ? matches any character except a dot. To configure a rule for all traffic, enter * as the destination host.
   • Proxy host - Enter the proxy host address. To create a rule for a direct, non-proxied connection, leave this blank.
   • Proxy port - The port that the proxy uses.
   • Authentication type - Choose from Basic, NTLM v1, or NTLM v2.
   • Username - Enter a username.
   • Password - Enter a password.
   • Domain - Only required for NTLM authentication. Enter your domain name.
   • Domain hostname - Only required for NTLM authentication. Enter the name of your domain server.
4. Click Save.

The server is added to the list in the Upstream proxy tab. All traffic to the destination host is now sent to the specified proxy host instead.

To configure additional rules, click Add upstream proxy server, then follow the steps above. Burp uses the first rule in the list that matches the destination web server. This enables you to configure different rules for different destination hosts, or create an exception to a broader rule.

If it cannot find an applicable upstream proxy rule, Burp uses a direct, non-proxied connection.

To edit upstream proxy servers, click the edit icon .

To delete upstream proxy servers, click the trash icon .