Use the Embedded Browser in Burp Suite

Introduction

Burp Suite is a powerful platform for performing security testing of web applications. One of its core features is its proxy server, which sits between your browser and the target application, allowing you to intercept, inspect, and modify the traffic.

Traditionally, using a proxy required manually configuring your web browser's network settings. This process can be tedious and sometimes conflicts with other system or network settings. To streamline this workflow, Burp Suite includes an embedded browser. This is a pre-configured Chromium browser that is launched from within Burp Suite and is automatically set up to use the Burp Proxy.

In this lab, you will learn how to launch and use Burp Suite's embedded browser to capture web traffic without any manual configuration.

In this step, you will launch Burp Suite and navigate to the primary tab used for intercepting traffic.

First, find the Burp Suite Community Edition icon on the desktop and double-click it to start the application.

A dialog box titled "Burp Suite Community Edition" will appear. It may mention a new version is available; you can ignore this. The "Project" dialog will also appear. We will use a temporary project for this lab.

  1. In the "Select project" dialog, leave Temporary project selected and click Next.
  2. In the "Select configuration" dialog, leave Use Burp defaults selected and click Start Burp.

After a moment, the main Burp Suite window will open. The interface is organized into several tabs across the top. For this lab, we are interested in the Proxy tab.

Click on the Proxy tab. By default, it opens on the Intercept sub-tab. This is the screen where you can view and modify live HTTP/S requests and responses as they pass through the proxy.

Ensure you are on the Proxy > Intercept tab before proceeding to the next step.

Click the 'Open Browser' Button

In this step, you will launch Burp's embedded browser.

With the Proxy > Intercept tab visible, you will see several buttons. One of them is labeled Open Browser. This button is the key to using the embedded browser feature.

Clicking this button will start a new instance of the Chromium browser that is sandboxed and pre-configured to route all of its traffic through the Burp Suite proxy instance running on 127.0.0.1:8080.

Now, click the Open Browser button.
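
If the embedded browser opens but nothing shows up in Burp, check that the proxy listener it relies on is actually present on 127.0.0.1:8080 and is bound to loopback only. The following is an added example, not part of the original lab: it classifies the output of `ss -ltnH` on Linux, and the function names and sample lines are constructed for illustration.

```python
import ipaddress
import subprocess

# Constructed samples of `ss -ltnH` output (listening TCP sockets, numeric, no header).
SAMPLE_OK = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 50 [::ffff:127.0.0.1]:8080 *:*
"""
SAMPLE_EXPOSED = """\
LISTEN 0 50 *:8080 *:*
"""

def _is_loopback(addr: str) -> bool:
    """True only if the bound address is a loopback address."""
    addr = addr.strip("[]").split("%", 1)[0]   # drop IPv6 brackets and %iface scope
    if addr == "*":                            # wildcard: every interface
        return False
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False                           # unparseable: treat as not loopback
    # Java applications often bind an IPv4-mapped IPv6 address (::ffff:127.0.0.1).
    mapped = getattr(ip, "ipv4_mapped", None)
    return (mapped or ip).is_loopback

def proxy_listener_exposure(ss_output: str, port: int = 8080) -> str:
    """Return 'absent', 'loopback-only' or 'exposed' for the given TCP port."""
    bindings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue
        addr, _, local_port = fields[3].rpartition(":")
        if local_port == str(port):
            bindings.append(addr)
    if not bindings:
        return "absent"
    # One non-loopback binding is enough for other hosts to reach the proxy.
    return "loopback-only" if all(_is_loopback(a) for a in bindings) else "exposed"

if __name__ == "__main__":
    live = subprocess.run(["ss", "-ltnH"], capture_output=True, text=True, check=True)
    print("Port 8080 listener:", proxy_listener_exposure(live.stdout))
```

A result of `exposed` means the listener accepts connections from other machines on the network, so anyone who can reach the port can send traffic through the proxy; `absent` means no proxy listener is running on that port.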

Observe the New Chromium Browser Window Launching

After clicking the button in the previous step, a new browser window should appear on your screen.

This is Burp's embedded browser. Notice that it looks like a standard Chromium browser, but it runs as a separate process managed by Burp Suite.

The most important thing to understand is that this browser is already configured for proxying. You did not have to go into any settings menus, find proxy configurations, or type in an IP address and port number. It works out of the box, sending all its traffic directly to Burp Suite for interception and logging. This saves time and prevents configuration errors.

Take a moment to familiarize yourself with this new browser window. You will use it in the next step to browse to a target website.

In this step, you will use the embedded browser to visit a website and see how Burp Suite intercepts the traffic.

By default, interception is turned on in Burp Suite. This means any request you make will be paused in Burp Suite, waiting for your approval to proceed. For this initial test, let's turn interception off to see the traffic log populate.

  1. Go back to the main Burp Suite window. In the Proxy > Intercept tab, you will see a button that says Intercept is on. Click it once to disable interception. The button's text will change to Intercept is off.

  2. Now, switch back to the embedded Chromium browser window that you opened earlier.

  3. In the address bar of the embedded browser, type the following URL and press Enter:

    http://portswigger.net

Because interception is off, the request will pass through the proxy without pausing, and the PortSwigger website should load in the browser.

Verify Traffic from this Browser Appears in Proxy History without Manual Config

In this final step, you will see the proof that the embedded browser's traffic was successfully proxied through Burp Suite.

Navigate back to the main Burp Suite window. Within the Proxy tab, there are several sub-tabs. Click on the one named HTTP history.

The HTTP history tab displays a log of all HTTP requests that have passed through the Burp Proxy. You should now see a list of requests, including several to the host portswigger.net. You can click on any of these entries to see the full request and response in the panels below.

This confirms that the embedded browser worked as expected. You successfully launched it, browsed to a website, and captured the resulting traffic in Burp Suite, all without performing any manual browser proxy configuration. This seamless integration is a key feature that makes Burp Suite efficient and easy to use.

Summary

In this lab, you have learned one of the most fundamental and convenient features of Burp Suite: the embedded browser.

You successfully:

  • Launched Burp Suite and navigated to the Proxy tab.
  • Opened the embedded Chromium browser with a single click.
  • Used the browser to navigate to a website.
  • Verified that the traffic was automatically logged in the Proxy HTTP history without any manual configuration.

Using the embedded browser is the recommended way to work with Burp Suite, as it ensures a clean, isolated browsing environment that is guaranteed to be correctly configured for proxying. This skill is essential for efficiently performing web application security tests.