Name is required.
Email address is required.
Invalid email address
Answer is required.
Exceeding max length of 5KB

Burpsuite Pro v2.1 to intercept WebGoat via Proxy

Jy Aug 02, 2019 02:20AM UTC

I've been trying to intercept HTTP requests from WebGoat in both IE and Chrome via Burpsuite's proxy function the past few days. WebGoat is functioning as expected as I can see the site which is running on my host computer as per Burpsuite. Would greatly appreciate any assistance in getting the intercept to work. Below is my configuration.

- Burpsuite Pro v2.1
All settings are default. Proxy listener:
- IE
- Chrome
- WebGoat accessible via http://localhost:9998/WebGoat/login.mvc

Liam Tai-Hogan Aug 02, 2019 08:54AM UTC Support Center agent

Try one of these:

1. Add an entry to your Hosts file:


Then in your browser visit http://myapp:<address>

In Windows your Hosts file can be found at C:/windows/system32/drivers/etc/hosts.

2. (For Firefox) Go to about:config and change network.proxy.allow_hijacking_localhost to true.

Jy Aug 02, 2019 01:01PM UTC
Hi Liam,

Thanks for the prompt reply. I have tried what you have mentioned and added the following in the etc/hosts file. localhost
It is still unable to intercept requests from webgoat, yet i could see microsoft update requests (controlled by company policies so im unable to turn them off)
Currently, im unable to get firefox on my system and only have Chrome and IE.
Would really appreciate if there could be a workaround for this


Liam Tai-Hogan Aug 02, 2019 01:06PM UTC Support Center agent

Do you encounter any error messages? is there anything in the Burp > Event log?

Jy Aug 05, 2019 02:57AM UTC
Hi Liam,

I did not receive any error messages other than from windows updates requests. But as my testing workstation is a standalone and not allowed to connect to any network, the windows updates requests will not go through.

May I know where is the path to view even logs for burp?

Liam Tai-Hogan Aug 06, 2019 01:41PM UTC Support Center agent

Jy, the Event log is on the bottom left of the Dashboard tab.

When you try to intercept traffic, what do you see in the Proxy > Intercept tab?

Jy Aug 07, 2019 10:08AM UTC
Hi Liam,

There was no error messages except for the proxy service started on 9997. And there's no requests from webgoat either.

This is going to sound weird as it doesn't make sense, but i've managed to intercept the HTTP requests from webgoat by editing the hosts file. So instead of the following setting: localhost

I've changed it to localh
And access webgoat through http://localh:9998/WebGoat and burpsuite was able to intercept the requests.
Its just a change of hostname but it seems to work.

Hope this helps others who might be facing the same issue!

Liam Tai-Hogan Aug 07, 2019 02:34PM UTC Support Center agent

Thanks for the update JY.

Post Your public answer

Your name
Your email address