Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Create new post

Where is the firefox "plug-n-hack" plugin?????

Luke | Last updated: Jun 02, 2015 08:48PM UTC

There is extensive reference to it in the Burp documentation. I have seen forums elsewhere where people allude to it. Even saw somewhere a screenshot someone maybe 18 months ago of it installed in Firefox. But I can find nowhere to download/install it. No URL, nothing. Its like a vicious circle in Google to mozilla docs talking about it, but nowhere to actually find it. What the heck is going on.

Burp User | Last updated: Jun 02, 2015 09:40PM UTC

Well found something here https://github.com/mozmark/ringleader/blob/master/fx_pnh.xpi have no idea who vouches for this.

PortSwigger Agent | Last updated: Jun 04, 2015 12:39PM UTC

It looks like the Firefox plug-n-hack plugin hasn't really taken off, and we don't really want to be encouraging users to scour the internet and install random plugins off Github. At the time we provided support for the plugin , we were informed that it would soon be available in the Firefox add-ons repository, so it would be trivial for users to install. Since this hasn't happened, we probably really just need to remove references to it from the Burp documentation.

Burp User | Last updated: Jul 23, 2015 12:52PM UTC

Yes, PW-command, please, update the instruction

Burp User | Last updated: Oct 16, 2015 04:14PM UTC

Yes, please remove the references to that plugin from the docs and Proxy page.

PortSwigger Agent | Last updated: Oct 18, 2015 10:06AM UTC

We'll remove any remaining references from the documentation shortly.

Burp User | Last updated: Feb 11, 2016 03:02AM UTC

To everyone that is wanting to get this extension you need to install zap there should be an link in there when you start your search on as site to link your firefox with it after that itll send you to the page and let you install the extension you are probably going to have to use the developer option or what ever you call it i cant think of its name but the prototype options for firefox and find the one about letting you install unknown sources. this is the safest and easiest way to download plug and hack

Burp User | Last updated: Mar 09, 2016 04:01PM UTC

Still needs changing...

Burp User | Last updated: Apr 13, 2016 01:11PM UTC

Burp Suite documentation is still pointing us to the plug-n-hack plug in.

Burp User | Last updated: Apr 20, 2016 12:09AM UTC

On thing you can do setup a separate account and ssh user/host equivalence, then start the browser with that user. You'll get fresh options, bookmarks and such. Configure that browser as required for burp and use it when pen testing. In these days of ransomware now targeting Linux, this also makes your web surfing safer as they can't pwn your $HOME if you are running as a different account. I have a write up at http://dbinternals.com/home/securing-your-web-browsing-in-linux/

Burp User | Last updated: Apr 21, 2016 11:57AM UTC

The way to fix this is to download and install OWASP ZAP as that automatically installs the plug-n-hack [or similar] addon into Firefox. Automatic proxy config URL should then show as http://localhost:8080/proxy.pac Works for me every time. You will probably need to edit your security settings in Firefox to allow the add-on to install. Newer versions of browsers are getting very strict on unsigned add-ons. Please see this link in order to do that. https://support.mozilla.org/en-US/kb/add-on-signing-in-firefox?as=u&utm_source=inproduct

Burp User | Last updated: Apr 24, 2016 12:10PM UTC

Mozilla Firefox version 43.0.1 + does not allow unverified add-on's, meaning all unsigned plugins are automatically disabled. If your Firefox version is lower than 43, you have no problems. Solution: downgrade Firefox for now

Burp User | Last updated: Jan 31, 2017 01:44PM UTC

Brought to attention in 2015 and brought up for removal, 2017 and its still in the docs #SMH

PortSwigger Agent | Last updated: Feb 01, 2017 08:42AM UTC

We can't find any remaining references to plug-n-hack in the current Burp documentation. If you are aware of any, please provide a link.

Burp User | Last updated: Apr 19, 2017 12:39AM UTC

Tax day and yet the reference remains.

Burp User | Last updated: May 19, 2018 12:44AM UTC

There is still reference of plug and play reference in the burp documentation. It's been 3 years since you are saying that you will remove it.

Burp User | Last updated: May 29, 2019 05:58PM UTC

Getting Started: Firefox - Note: If you are using Firefox and you have the Plug-n-hack plugin installed in Firefox, you can configure your browser to work with Burp automatically. Using your browser, visit the URL of your Proxy listener (as identified above - for example: http://127.0.0.1:8080) and following the "Plug-n-hack" link. If you do not have the Plug-n-hack plugin installed in Firefox, go to the Firefox menu, click on Options, click on Advanced, go to the Network tab, and click on the Settings button in the Connection section. Select the "Manual proxy configuration" radio button. Enter your Burp Proxy listener address in the "HTTP proxy" field (by default, 127.0.0.1). Enter your Burp Proxy listener port in the "Port" field (by default, 8080). Make sure the "Use this proxy server for all protocols" box is checked. Delete anything that appears in the "No proxy for" field. Then click "OK" to close all of the options dialogs. And, further, nothing works with Firefox 67, because it changes every URL to https

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.