Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Create new post

Proxying Java / JAR

Karthik | Last updated: May 27, 2015 07:38AM UTC

I have a website that launches a JAR (java applet) I want to proxy the requests that applet does via Burp Suite Burp Suite listens on port 8080 and invisible proxying is also enabled. In java settings , I have enabled proxy via 127.0.0.1:8080 Applet loads fine But still I dont see traffic via Burp suite. (If I access a regular website , I see the requests in burp suite) I have ensured target scope is configured appropriately. Can someone tell me what I am missing ?

PortSwigger Agent | Last updated: May 28, 2015 09:46AM UTC

If the applet is not honoring the configured proxy settings, then you may need to do some additional configuration to force the applet to communicate via your invisible proxy listener. This often involves redirecting the DNS for the domain that the applet is trying to contact. More details are here: http://portswigger.net/burp/help/proxy_options_invisible.html

Burp User | Last updated: May 29, 2015 12:50PM UTC

I understand that I have to create entries like 127.0.0.1 example.org and appropriate listeners on Burp Suite if the JAR connects to abc.com:1234, I will create a burp suite entry to listen on port 1234 But should I set the Java proxy to 127.0.0.1 to 1234 or leave the proxy settings for java blank ?

PortSwigger Agent | Last updated: Jun 01, 2015 08:42AM UTC

If you are using DNS-level redirection to make your client send its requests via Burp, then you don't need to configure Java's proxy settings.

Burp User | Last updated: Jun 01, 2015 11:19AM UTC

Thanks for the response. However, my question is if the JAR file connects to both abc.com at 8080 and abc.com and 9090 what should I give for Java proxy (I am not using DNS level redirection) (I have created individual listeners at port 8080 and 9090 in Burp and enabled invisible proxying as well.

PortSwigger Agent | Last updated: Jun 01, 2015 12:32PM UTC

To use invisible proxying, with those listeners configured, you must use DNS-level redirection, to point the relevant host(s) at 127.0.0.1. Then, turn off the regular proxy configuration in the Java client.

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.