Setup Burp Proxy to use Tor

By Chaim Sanders

It is quite simple to configure Burp to work with Tor.

Note: what I’m showing you here is just the quickest path, other configurations are possible  (such as using standalone tor or HTTPTunnelPort).

1. Download and install Tor Browser for your operating system.

2. Once installed, open the browser.

3. Navigate to the options menu by clicking the options button in the top right and selecting ‘Options’

4. Scroll all the way to the bottom of the options page and find the section entitled ‘Network Proxy’ and select the ‘Settings…’ button.

5. Determine the settings for the Tor SOCKS proxy, for me (and the defaults) it was 127.0.0.1 on port 9150.

6. Open BURP Proxy and navigate to the ‘User options’ tab (Project Options will also work)

7. Find the ‘SOCKS Proxy’ settings area and select the ‘Use SOCKS proxy’ checkbox. Then below that enter the address of the Tor SOCKS proxy that we collected earlier (127.0.0.1 and 9150 for me). Then select the ‘Do DNS lookups over SOCKS proxy’ checkbox.

8. To ensure this is working I like to make a  a request to ipify.org both locally and via Burp Proxy. To do this select the ‘Repeater’ tab.  Set the target to https://api.ipify.org  on port 443 using HTTPS. For the request you can make a standard GET request to /, such as the following:

GET / HTTP/1.1
Host: api.ipify.org

9. You should get an IP address back. You should verify that this is not your local external IP address.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s