By Chaim Sanders
It is quite simple to configure Burp to work with Tor.
Note: what I’m showing you here is just the quickest path; other configurations are possible (such as using standalone Tor or HTTPTunnelPort).
1. Download and install Tor Browser for your operating system.
2. Once installed, open the browser.
3. Navigate to the options menu by clicking the options button in the top right and selecting ‘Options’.
4. Scroll all the way to the bottom of the options page and find the section entitled ‘Network Proxy’ and select the ‘Settings…’ button.
5. Determine the settings for the Tor SOCKS proxy; for me (and by default) it was 127.0.0.1 on port 9150.
6. Open Burp Proxy and navigate to the ‘User options’ tab (Project Options will also work).
7. Find the ‘SOCKS Proxy’ settings area and select the ‘Use SOCKS proxy’ checkbox. Then below that enter the address of the Tor SOCKS proxy that we collected earlier (127.0.0.1 and 9150 for me). Then select the ‘Do DNS lookups over SOCKS proxy’ checkbox.
8. To ensure this is working, I like to make a request to ipify.org both locally and via Burp Proxy. To do this, select the ‘Repeater’ tab. Set the target to https://api.ipify.org on port 443 using HTTPS. For the request you can make a standard GET request to /, such as the following:
GET / HTTP/1.1
Host: api.ipify.org
9. You should get an IP address back. Verify that it is not your own external IP address (the one returned by the local request).
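
A command-line version of the check in steps 8 and 9, as an added example that is not from the original post: it fetches the egress IP directly and through the Tor SOCKS proxy with curl, then compares the two. It tests the SOCKS proxy that Burp is pointed at, not Burp itself; the `classify` helper, the `--run` switch and the return codes are this example's own, and 127.0.0.1:9150 is the address from step 5.

```shell
#!/bin/sh
# Added example: compare the direct egress IP with the one seen through Tor.
# Run with the single argument --run while Tor Browser is open.
TOR_SOCKS="${TOR_SOCKS:-127.0.0.1:9150}"   # Tor Browser default from step 5
IP_URL="https://api.ipify.org"

# Direct request, ignoring any proxy environment variables.
fetch_direct() { curl -s --max-time 20 --noproxy '*' "$IP_URL"; }

# --socks5-hostname lets the proxy resolve the name, the curl counterpart of
# Burp's 'Do DNS lookups over SOCKS proxy'; plain --socks5 resolves locally.
fetch_via_tor() { curl -s --max-time 30 --socks5-hostname "$TOR_SOCKS" "$IP_URL"; }

# classify DIRECT_IP TOR_IP
# returns 0 = proxied, 1 = same IP (not proxied), 2 = proxy failed, 3 = cannot compare
classify() {
    direct="$1"; via_tor="$2"
    if [ -z "$via_tor" ]; then
        echo "FAIL: no answer through $TOR_SOCKS (is Tor Browser running?)"
        return 2
    fi
    case "$via_tor" in
        *[!0-9a-fA-F.:]*)   # anything that is not an IPv4/IPv6 literal
            echo "FAIL: unexpected response through proxy"
            return 2 ;;
    esac
    if [ -z "$direct" ]; then
        echo "WARN: direct lookup failed, cannot compare (proxy IP: $via_tor)"
        return 3
    fi
    if [ "$direct" = "$via_tor" ]; then
        echo "LEAK: proxy path shows your own IP $direct"
        return 1
    fi
    echo "OK: direct=$direct via_tor=$via_tor"
    return 0
}

main() {
    classify "$(fetch_direct || true)" "$(fetch_via_tor || true)"
}

if [ "${1:-}" = "--run" ]; then main; fi
```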