Burpsuite Pro v2.1 to intercept WebGoat via Proxy
I've been trying to intercept HTTP requests from WebGoat in both IE and Chrome via Burpsuite's proxy function the past few days. WebGoat is functioning as expected as I can see the site which is running on my host computer as per Burpsuite. Would greatly appreciate any assistance in getting the intercept to work. Below is my configuration.
- Burpsuite Pro v2.1
All settings are default. Proxy listener: 127.0.0.1:9997
- WebGoat accessible via http://localhost:9998/WebGoat/login.mvc
Try one of these:
1. Add an entry to your Hosts file:
Then in your browser visit http://myapp:<address>
In Windows your Hosts file can be found at C:/windows/system32/drivers/etc/hosts.
2. (For Firefox) Go to about:config and change network.proxy.allow_hijacking_localhost to true.
Thanks for the prompt reply. I have tried what you have mentioned and added the following in the etc/hosts file.
It is still unable to intercept requests from webgoat, yet i could see microsoft update requests (controlled by company policies so im unable to turn them off)
Currently, im unable to get firefox on my system and only have Chrome and IE.
Would really appreciate if there could be a workaround for this
Do you encounter any error messages? is there anything in the Burp > Event log?
I did not receive any error messages other than from windows updates requests. But as my testing workstation is a standalone and not allowed to connect to any network, the windows updates requests will not go through.
May I know where is the path to view even logs for burp?
Jy, the Event log is on the bottom left of the Dashboard tab.
When you try to intercept traffic, what do you see in the Proxy > Intercept tab?
There was no error messages except for the proxy service started on 127.0.0.1 9997. And there's no requests from webgoat either.
This is going to sound weird as it doesn't make sense, but i've managed to intercept the HTTP requests from webgoat by editing the hosts file. So instead of the following setting:
I've changed it to
And access webgoat through http://localh:9998/WebGoat and burpsuite was able to intercept the requests.
Its just a change of hostname but it seems to work.
Hope this helps others who might be facing the same issue!
Thanks for the update JY.