Foxyproxy for Burpsuite

In this blog

• Downloading certificates from Burpsuite.

• Importing certificates to local system.

• Configuring foxyproxy on Burpsuite and capturing traffic.

➡️ Find my blog on exposing private GraphQL endpoints here.

➡️ Find my blog on exposing private GraphQL fields here.

➡️ Find my blog on exposing private GraphQL posts here.

➡️ Find my blog on GraphQL vulnerabilities here.

Downloading certificates from Burpsuite

First things first, open up Burpsuite and go to the proxy settings.

Click ‘Regenerate CA Certificate' to download the certificate that we will use to allow Portswigger to intercept traffic on our custom browser.

Click yes and download the certificate.

To let the new certificate effect take place, restart Burp.

Go to Firefox, and search 127.0.0.1:8080, the host address and port that Burp is set to. Click CA Certificate on the right, to download the certificate to the device.

Importing certificates to the local system

Go to Firefox's settings, and go to security. Scroll all the way down to certificates.

Click view certificates.

Click import, and find the certificate that you just downloaded.

Check the box to trust the CA to identify web sites and click OK. Click OK again to close the certificate manager window.

Configuring Foxyproxy on Burpsuite and capturing traffic

Go to the Firefox extensions manager and download Foxyproxy. Once downloaded, open the extension and go to options.

 Set title to Burp, hostname as the localhost address and set the port number to 8080 (HTTP). Click save.

Open the extension again from the browser toolbar and click ‘Burp’ to start the proxy service. 

Go back to burp and turn intercept to on. It should now be intercepting traffic on the Firefox browser.

If you search for something like Google, it should come up in the Burpsuite Proxy > HTTP history tab. 

And that's it! Thanks for reading my blog.