Configure Upstream Proxy Servers in Burp Suite

Introduction

In this lab, you will learn how to configure an upstream proxy server in Burp Suite. An upstream proxy is another proxy server that Burp Suite forwards its outgoing requests to, instead of sending them directly to the destination web server. This technique, often called proxy chaining, is useful for several scenarios, such as routing traffic through a specific network (like Tor), bypassing IP-based access controls, or working within a corporate network that requires all traffic to go through a company proxy.

You will be guided through the process of launching Burp Suite, navigating to the correct settings, and creating a rule to route all traffic through a specified upstream proxy.

In this step, you will launch Burp Suite and find the settings for configuring upstream proxies. The LabEx virtual machine has Burp Suite Community Edition pre-installed.

First, open a terminal and launch Burp Suite by running the following command:

burpsuite

A splash screen will appear, followed by a dialog box for project selection. For this lab, a temporary project is sufficient. Select Temporary project and click Next.

Next, you will be asked about the Burp configuration. Select Use Burp defaults and click Start Burp.

Once the main Burp Suite window opens, you will see several tabs at the top. Click on the Project options tab. Within the Project options tab, a new set of sub-tabs will appear below it. Click on the Connections sub-tab.

Finally, scroll down within the Connections settings until you find the Upstream Proxy Servers section. This is where you can define rules for routing Burp's traffic.

Click 'Add' to Define a New Upstream Proxy Rule

In this step, you will begin the process of creating a new rule for an upstream proxy.

In the Upstream Proxy Servers section you located in the previous step, you will see a set of buttons: Add, Edit, Remove, Up, and Down. To create a new rule, you need to click the Add button.

Clicking Add will open a new dialog window titled Edit upstream proxy rule. This window contains all the settings required to define a single routing rule, including the destination to match and the proxy server to use.

Set the Destination Host (e.g., '*')

In this step, you will configure the rule to apply to all outgoing traffic from Burp Suite.

Inside the Edit upstream proxy rule dialog, the first field is Destination host. This field determines which requests will be routed through the upstream proxy based on the destination server's hostname or IP address.

To make all traffic from Burp Suite go through the upstream proxy, you can use a wildcard character. Enter an asterisk (*) into the Destination host field. The asterisk acts as a wildcard that matches any and all hostnames.

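This lab uses * so that the rule matches everything. In a real-world scenario, you could instead enter a specific hostname such as example.com, or a wildcard pattern such as *.api.example.com to match subdomains, for more granular control over which traffic is sent to the upstream proxy.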

Enter the Proxy Host and Port Number

In this step, you will specify the address of the upstream proxy server.

Still in the Edit upstream proxy rule dialog, locate the Proxy host and Proxy port fields. These fields tell Burp where to send the traffic that matches the destination host rule.

For this lab, we will use a hypothetical proxy running on the local machine.

  • In the Proxy host field, enter 127.0.0.1.
  • In the Proxy port field, enter 8081.

Below these fields, you'll see an Authentication section. This is used if the upstream proxy requires a username and password. We will leave this section blank for this exercise.

After entering the host and port, click the OK button at the bottom of the dialog to save and add the new rule.

Enable the Rule and Test Connectivity

In this step, you will enable the newly created rule and observe its effect.

After clicking OK in the previous step, you will be returned to the Connections tab. You should now see your new rule listed in the Upstream Proxy Servers table.

Notice the checkbox to the left of your rule. This checkbox enables or disables the rule. By default, it is checked (enabled) when you create it. Ensure the checkbox is ticked.

Now, let's test it. The easiest way to test the proxy configuration is by using Burp's built-in browser.

  1. Go to the Proxy tab.
  2. Go to the Intercept sub-tab.
  3. Click the Open Browser button. A new browser window, pre-configured to use Burp, will open.

In this new browser, try to navigate to any website, for example, http://example.com. The connection will fail. This is expected! The connection fails because Burp is trying to forward the request to our non-existent upstream proxy at 127.0.0.1:8081. You can see the failure alerts in Burp's Dashboard tab under the Event log.

This failure confirms that Burp is applying your upstream proxy rule: the request is being sent to 127.0.0.1:8081 instead of directly to the destination server.
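
A failed connection only shows that Burp tried to reach 127.0.0.1:8081. To see what Burp actually hands to the upstream proxy, a small listener can stand in for it. The script below is an added example, not part of the original lab or of Burp Suite; it assumes Python 3.8+ and the 127.0.0.1:8081 address used in the rule, and the names parse_proxy_request and serve_once are made up for this illustration.

```python
import socket

LISTEN_ADDR = ("127.0.0.1", 8081)  # assumed: the Proxy host / Proxy port from the lab's rule

def parse_proxy_request(raw: bytes) -> dict:
    """Classify the first request a client sends to a forward proxy."""
    lines = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1").split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3:
        raise ValueError(f"not an HTTP request line: {lines[0]!r}")
    method, target, _version = parts
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    if method == "CONNECT":
        kind = "tunnel"        # HTTPS: the proxy is only told host:port
    elif "://" in target:
        kind = "absolute-uri"  # plain HTTP: the proxy receives the full URL
    else:
        kind = "origin-form"   # sender is not treating this port as a proxy
    return {"method": method, "target": target, "kind": kind,
            "host": headers.get("host"),
            "proxy_auth": "proxy-authorization" in headers}

def serve_once(listener: socket.socket) -> dict:
    """Accept one connection, record the request, answer 502 and close."""
    conn, _peer = listener.accept()
    with conn:
        conn.settimeout(5)
        raw = b""
        while b"\r\n\r\n" not in raw and len(raw) < 65536:
            chunk = conn.recv(4096)
            if not chunk:
                break
            raw += chunk
        info = parse_proxy_request(raw)
        conn.sendall(b"HTTP/1.1 502 Bad Gateway\r\n"
                     b"Content-Length: 0\r\nConnection: close\r\n\r\n")
    return info

if __name__ == "__main__":
    with socket.create_server(LISTEN_ADDR) as listener:
        print("listening on %s:%d" % LISTEN_ADDR)
        while True:
            try:
                print(serve_once(listener))
            except (ValueError, OSError) as exc:
                print("ignored:", exc)
```

Start the script before opening Burp's browser. Every request that matches the rule is printed and answered with 502, so the browser still shows an error, but the output shows the destination Burp asked the upstream proxy to reach and whether credentials from the Authentication section were attached.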

To complete the lab, close Burp Suite. A dialog will ask if you want to save your project. Click Yes. In the save dialog, name the file upstream-proxy-config.burp and save it in the default /home/labex/project directory.

Summary

Congratulations on completing the lab!

In this lab, you have successfully learned the fundamentals of configuring an upstream proxy server in Burp Suite. You practiced how to:

  • Navigate to the Upstream Proxy Servers settings.
  • Add a new proxy rule.
  • Use a wildcard (*) to define a broad destination host match.
  • Specify the host and port of an upstream proxy.
  • Enable and test the rule to confirm that traffic is being rerouted.

This skill is essential for penetration testers and security professionals who need to control and manipulate network traffic in complex environments.