Stratos Ally

BurpSuite- Proxy Settings – Part 1

**Note: The content in this article is only for educational purposes and understanding of cybersecurity concepts. It should enable people and organizations to have a better grip on threats and know how to protect themselves against them. Please use this information responsibly.** 

Proxy Listener 

A proxy listener is a local HTTP proxy server that listens for incoming connections from your browser, allowing you to observe and intercept all requests and responses. By default, Burp sets up a single listener on port 8080 of the loopback interface (127.0.0.1), which lets you use Burp's browser to test nearly all web applications that run in a browser. 

If you are testing unusual applications or working with non-browser-based HTTP clients, you may need to create or adjust listeners. Use the Add and Edit buttons to open the proxy listener dialog, where the settings are grouped into the tabs described below. 

Binding Tab 

These settings determine how Burp binds the proxy listener to a local network interface: 

  • Bind to port: Choose a port on the local interface. Burp opens this port to listen for incoming connections, so make sure it is free and not already in use by another application. 
  • Bind to address: Choose the local IP address that Burp binds to. You can choose from: 
      • The loopback interface only 
      • All interfaces 
      • A specific local IP address 

Binding to anything other than the loopback interface exposes the listener to other hosts. Any device that can reach the port can route its traffic through Burp (and read whatever passes through it), so use a non-loopback binding only when you need to proxy another machine such as a mobile device, restrict access with a firewall, and do not leave such a listener running on an untrusted network. 
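The two checks the Binding tab asks you to make, as an added Python example that is not Burp's own code: classify how exposed a given "Bind to address" value is, and confirm the port is really free by attempting the same bind Burp would perform. The addresses and ports used are assumptions for the demonstration.

```python
"""Added example, not Burp's code: sanity-check a proxy listener binding.

exposure() says who can reach a listener bound to a given address, and
port_is_free() tries the real bind so that a port already taken by another
application is caught before Burp fails to start the listener.
"""
import ipaddress
import socket


def exposure(bind_address: str) -> str:
    """Classify a 'Bind to address' value by who can reach the listener."""
    if bind_address in ("0.0.0.0", "::"):
        return "all interfaces: any host that can route to this machine can proxy through it"
    ip = ipaddress.ip_address(bind_address)
    if ip.is_loopback:
        return "loopback only: reachable from this machine"
    return "specific interface: reachable from the network attached to that interface"


def port_is_free(bind_address: str, port: int) -> bool:
    """Attempt the bind Burp would perform. A failure means another process
    already owns address:port, or the port needs privileges (for example
    ports below 1024 on Unix). No SO_REUSEADDR is set, so the answer is honest."""
    family = socket.AF_INET6 if ":" in bind_address else socket.AF_INET
    with socket.socket(family, socket.SOCK_STREAM) as probe:
        try:
            probe.bind((bind_address, port))
        except OSError:
            return False
    return True


def occupy_port(bind_address: str = "127.0.0.1") -> socket.socket:
    """Hold a listening socket on an ephemeral port to stand in for a
    conflicting application. The caller closes it when done."""
    holder = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    holder.bind((bind_address, 0))
    holder.listen(1)
    return holder


def review_binding(bind_address: str, port: int) -> dict:
    """Everything a reviewer wants to know before approving a listener."""
    return {
        "address": bind_address,
        "port": port,
        "exposure": exposure(bind_address),
        "port_free": port_is_free(bind_address, port),
    }


if __name__ == "__main__":
    # Burp's default listener, and a listener deliberately opened to the LAN
    for addr, port in (("127.0.0.1", 8080), ("0.0.0.0", 8080)):
        print(review_binding(addr, port))
    # simulate a port that is already in use by another application
    held = occupy_port()
    taken = held.getsockname()[1]
    print("port", taken, "free while held:", port_is_free("127.0.0.1", taken))
    held.close()
    print("port", taken, "free after release:", port_is_free("127.0.0.1", taken))
```

Run it once with the address and port you intend to use; a False under port_free tells you to pick another port (or find the process holding it) before touching the listener dialog.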

Request Handling 

These settings determine whether Burp redirects the requests the listener receives, and where: 

  • Redirect to host: Specify a host to which Burp forwards all requests, regardless of the target the browser asked for. If the server expects a different Host header than the one the browser sends, you may need a match and replace rule to rewrite the Host header in the requests. 
  • Redirect to port: Choose a port to which Burp forwards all requests, regardless of the target port the browser asked for. 
  • Force use of TLS: Enable this to use HTTPS for all outgoing connections, even when the incoming request uses plain HTTP. Combined with response modification rules that rewrite https:// links to http://, this supports sslstrip-like attacks: an application that enforces HTTPS is downgraded to plain HTTP between the browser and Burp for a victim whose traffic is proxied through Burp. 
  • Support invisible proxying: This allows non-proxy-aware clients to connect directly to the listener. Such a client sends an ordinary request (a relative URL plus a Host header, or a TLS handshake with no preceding CONNECT), so Burp has to work out the real destination from the Host header (and, for TLS, the server name the client sends in SNI) instead of from the proxy request line. 

You can use the redirection options individually. For instance, you can redirect all requests to a specific host while keeping the original request’s port and protocol. 
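How a listener decides where a request should go, and how the four request handling options override that decision, as an added Python example that is not Burp's own code. It handles the three request shapes a listener can receive (absolute-URI request, CONNECT, and the origin-form request only a non-proxy-aware client sends) and applies redirect-to-host, redirect-to-port and force-TLS in the order the tab lists them. The hostnames, ports and sample requests are constructed for the demonstration; TLS for invisible clients (where the name comes from SNI) is out of scope here.

```python
"""Added example, not Burp's code: how a listener decides where a request goes.

A proxy-aware client puts the destination in the request line (an absolute
URI, or CONNECT host:port for TLS). A non-proxy-aware client sends a plain
origin-form request, so the destination has to come from the Host header,
which is exactly what "Support invisible proxying" turns on. The redirect and
force-TLS options then override whatever the client asked for.
All sample requests below are constructed for the demonstration.
"""
from dataclasses import dataclass
from typing import Optional
from urllib.parse import urlsplit


@dataclass
class ListenerOptions:
    redirect_host: Optional[str] = None   # "Redirect to host"
    redirect_port: Optional[int] = None   # "Redirect to port"
    force_tls: bool = False               # "Force use of TLS"
    invisible: bool = False               # "Support invisible proxying"


@dataclass
class Destination:
    host: str
    port: int
    tls: bool


def parse_request_head(raw: bytes):
    """Split an HTTP/1.1 request head into (method, target, headers)."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    lines = head.split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return method, target, headers


def resolve_destination(raw: bytes, opts: ListenerOptions) -> Destination:
    method, target, headers = parse_request_head(raw)
    if method == "CONNECT":
        # proxy-aware client opening a TLS tunnel: "CONNECT host:443 HTTP/1.1"
        host, _, port = target.rpartition(":")
        dest = Destination(host, int(port), tls=True)
    elif target.startswith(("http://", "https://")):
        # proxy-aware client: absolute URI in the request line
        url = urlsplit(target)
        tls = url.scheme == "https"
        dest = Destination(url.hostname, url.port or (443 if tls else 80), tls)
    else:
        # origin-form request ("GET /path HTTP/1.1"): only a client that does
        # not know it is talking to a proxy sends this to the listener.
        if not opts.invisible:
            raise ValueError("origin-form request received; enable 'Support invisible proxying'")
        host_header = headers.get("host")
        if not host_header:
            raise ValueError("invisible proxying needs a Host header to choose the destination")
        host, sep, port = host_header.partition(":")
        # plain HTTP only here; for TLS the listener would take the name from SNI
        dest = Destination(host, int(port) if sep else 80, tls=False)

    # request handling overrides, applied in the order the tab lists them
    if opts.redirect_host:
        dest.host = opts.redirect_host
    if opts.redirect_port:
        dest.port = opts.redirect_port
    if opts.force_tls:
        dest.tls = True
    return dest


# constructed sample requests, not captured traffic
PROXY_AWARE_GET = b"GET http://shop.example.test/cart HTTP/1.1\r\nHost: shop.example.test\r\n\r\n"
PROXY_AWARE_CONNECT = b"CONNECT shop.example.test:443 HTTP/1.1\r\nHost: shop.example.test:443\r\n\r\n"
NON_PROXY_AWARE_GET = b"GET /cart HTTP/1.1\r\nHost: shop.example.test:8000\r\n\r\n"


if __name__ == "__main__":
    print(resolve_destination(PROXY_AWARE_GET, ListenerOptions()))
    print(resolve_destination(PROXY_AWARE_CONNECT, ListenerOptions()))
    try:
        resolve_destination(NON_PROXY_AWARE_GET, ListenerOptions())
    except ValueError as err:
        print("default listener:", err)
    print(resolve_destination(NON_PROXY_AWARE_GET, ListenerOptions(invisible=True)))
    # send everything to a staging host over TLS while keeping the client's port
    print(resolve_destination(NON_PROXY_AWARE_GET,
                              ListenerOptions(invisible=True, redirect_host="10.0.0.5", force_tls=True)))
```

The failure path is the one to notice: a default listener that receives an origin-form request has no way to know the destination, which is why a thick client pointed straight at port 8080 gets nowhere until invisible proxying is enabled.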

Certificate 

These settings control the server TLS certificate that Burp presents to TLS clients (that is, the certificate the browser sees), which is how an intercepting proxy avoids most TLS errors. The available options are: 

  • Use a self-signed certificate: Burp presents a self-signed certificate to your browser. The browser does not trust it, so this always triggers a TLS warning. 
  • Generate CA-signed per-host certificates: This is the default. When Burp is installed it creates a unique, self-signed Certificate Authority (CA) certificate, stores it on your computer and reuses it each time Burp runs. Whenever your browser opens a TLS connection, Burp generates a certificate for that host, signed by the CA certificate. Once you import Burp's CA certificate into the browser's trust store, every such per-host certificate is accepted without warnings. Treat that CA like a secret: anyone who obtains its private key can intercept TLS for every browser that trusts it, so install it only in the browser profile you test with. 
  • Generate a CA-signed certificate with a specific hostname: Specify a hostname for which Burp generates a single host certificate and uses it for every TLS connection. This is useful for invisible proxying, where the client does not issue a CONNECT request and Burp cannot learn the required hostname before TLS negotiation. 
  • Use a custom certificate: Load a particular certificate for Burp to present to your browser. It must be in PKCS#12 format (typically a password-protected .p12 or .pfx file); PEM-encoded certificate and key files are not accepted directly. This option is useful when the application requires a server certificate with specific attributes, such as a given serial number or certificate chain. 
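What the default "Generate CA-signed per-host certificates" option does, reproduced as an added Python example that is not Burp's code, using the third-party `cryptography` package (pip install cryptography): a CA key pair and self-signed CA certificate are created once, a leaf certificate is minted for each hostname and signed by that CA, the signature is checked against the CA's public key, and the leaf is exported to PKCS#12, the format the "Use a custom certificate" option loads. The CA name, hostname and password are constructed for the demonstration.

```python
"""Added example, not Burp's code: reproduce "Generate CA-signed per-host
certificates" with the `cryptography` package (pip install cryptography).

One CA key pair and self-signed CA certificate are created, a leaf certificate
is minted per hostname and signed by that CA, and the leaf is exported to
PKCS#12, the format the "Use a custom certificate" option loads.
Names, hostnames and the password here are constructed for the demonstration.
"""
import datetime

from cryptography import x509
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.hazmat.primitives.serialization import pkcs12
from cryptography.x509.oid import NameOID


def _now():
    return datetime.datetime.now(datetime.timezone.utc)


def make_ca(name: str = "Example Intercepting Proxy CA"):
    """Self-signed CA, created once and reused for every per-host certificate."""
    key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    subject = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, name)])
    cert = (
        x509.CertificateBuilder()
        .subject_name(subject)
        .issuer_name(subject)  # self-signed: issuer == subject
        .public_key(key.public_key())
        .serial_number(x509.random_serial_number())
        .not_valid_before(_now() - datetime.timedelta(minutes=5))
        .not_valid_after(_now() + datetime.timedelta(days=3650))
        .add_extension(x509.BasicConstraints(ca=True, path_length=None), critical=True)
        .sign(key, hashes.SHA256())
    )
    return key, cert


def make_host_cert(ca_key, ca_cert, hostname: str):
    """Leaf certificate for one host, signed by the CA. A browser that trusts
    the CA certificate accepts this leaf without a warning."""
    key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    cert = (
        x509.CertificateBuilder()
        .subject_name(x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, hostname)]))
        .issuer_name(ca_cert.subject)
        .public_key(key.public_key())
        .serial_number(x509.random_serial_number())
        .not_valid_before(_now() - datetime.timedelta(minutes=5))
        .not_valid_after(_now() + datetime.timedelta(days=365))
        .add_extension(x509.SubjectAlternativeName([x509.DNSName(hostname)]), critical=False)
        .add_extension(x509.BasicConstraints(ca=False, path_length=None), critical=True)
        .sign(ca_key, hashes.SHA256())  # signed with the CA key, not the leaf's own
    )
    return key, cert


def signed_by(cert, issuer_cert) -> bool:
    """Does the issuer's public key verify this certificate's signature?"""
    try:
        issuer_cert.public_key().verify(
            cert.signature, cert.tbs_certificate_bytes,
            padding.PKCS1v15(), cert.signature_hash_algorithm,
        )
        return True
    except InvalidSignature:
        return False


def san_hostnames(cert):
    """DNS names the browser will match the leaf against."""
    san = cert.extensions.get_extension_for_class(x509.SubjectAlternativeName).value
    return san.get_values_for_type(x509.DNSName)


def export_pkcs12(key, cert, ca_cert, password: bytes) -> bytes:
    """Bundle key + leaf + CA the way the custom certificate option expects."""
    return pkcs12.serialize_key_and_certificates(
        b"proxy-listener", key, cert, [ca_cert],
        serialization.BestAvailableEncryption(password),
    )


def load_pkcs12(data: bytes, password: bytes):
    """Returns (key, cert, additional_certs)."""
    return pkcs12.load_key_and_certificates(data, password)


if __name__ == "__main__":
    ca_key, ca_cert = make_ca()
    host_key, host_cert = make_host_cert(ca_key, ca_cert, "app.example.test")
    print("leaf signed by our CA:", signed_by(host_cert, ca_cert))
    print("SAN:", san_hostnames(host_cert))
    bundle = export_pkcs12(host_key, host_cert, ca_cert, b"changeit")
    _, reloaded, chain = load_pkcs12(bundle, b"changeit")
    print("PKCS#12 round-trip intact:", reloaded == host_cert and chain[0] == ca_cert)
```

The point to take from it: the browser never sees the CA private key, only a leaf whose signature the already-trusted CA public key verifies, which is why the CA certificate is the one thing that has to be imported into the trust store, and the one thing worth guarding.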

TLS Protocols 

These settings determine which TLS protocol versions Burp offers when negotiating TLS with the browser. They affect only the browser-to-Burp leg, not the connection between Burp and the target server. The available options are: 

  • Use the Java installation’s default protocols. 
  • Use custom protocols: Select the desired protocols from the list. 

HTTP 

This setting determines if the proxy listener permits clients to use HTTP/2, which is enabled by default. You might want to disable it in certain situations, such as when a client encounters issues with its HTTP/2 implementation. This setting does not affect the connection between Burp and the server. 
