Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Create new post

Burp suite is unable to intercept traffic to and from webgoat (localhost)

Ajay | Last updated: Feb 03, 2018 03:10AM UTC

I am trying to intercept traffic to and from webgoat running locally on tomcat server. I am able to see all other traffic but the localhost communication with webgoat is not being intercepted. I have searched multiple forums and articles but there is no help with troubleshooting this. Basic tutorial videos does not help as this is a specific issue.

Liam, PortSwigger Agent | Last updated: Feb 05, 2018 08:40AM UTC

Which OS and browser are you using? You Internet Options may have an option to “Bypass proxy server for local addresses”. Please let us know if you need any further assistance.

Burp User | Last updated: Feb 06, 2018 12:00AM UTC

The support team helped me with it. By default the localhost is added to the exception list "Ignore proxy". I had to remove this and it worked. Thanks to the portswigger team!

Burp User | Last updated: Mar 06, 2018 05:21PM UTC

Could you explain how can i do this please ?

Burp User | Last updated: Mar 07, 2018 04:00PM UTC

I am using windows 10 ,and my browser is Firefox 58.0.2 (64-bit). I had configured my browser network settings to use the local host proxy at port 8080,but the intercept does not work for the my local server.

Liam, PortSwigger Agent | Last updated: Mar 07, 2018 04:04PM UTC

Have you tried with IE using the "Bypass proxy server for local addresses" function in Connections > Lan settings > Proxy server?

Liam, PortSwigger Agent | Last updated: Mar 07, 2018 04:09PM UTC

The setting you are looking for is in the Chrome > Settings > Network settings. If this doesn't help, try adding an entry to your Hosts file: myapp 127.0.0.1 Then in your browser visit http://myapp:<address> In Windows your Hosts file can be found at C:/windows/system32/drivers/etc/hosts. Please let us know if you need any further assistance.

Burp User | Last updated: Aug 01, 2019 10:42AM UTC

Hi, im facing the same issue on chrome. Can I know where do you find the exception list to remove 'ignore proxy'?

Burp User | Last updated: Aug 12, 2019 02:49PM UTC

i use osx mojave and chrome. can u help me? my problem is that i removed exception list but cant intercept webgoat. thanks

Liam, PortSwigger Agent | Last updated: Aug 13, 2019 03:08PM UTC

Have you tried adding an entry to your Hosts file?

Burp User | Last updated: Sep 01, 2019 03:04PM UTC

I'm not the OP, but I had the exact same issue running WebScarab on the same VM as Tomcat & WebGoat. I tried IE and Firefox, making sure that the option was not selected to bypass the proxy for local hosts. Nothing was working and I was about to just setup a second VM to run WebScarab. However the suggestion to edit the hosts file and add an entry for 127.0.0.1 myapp worked great. WebScarab is now intercepting traffic by simply navigating to myapp/WebGoat/attack. Thank you! If the issue happens with multiple browsers and WebScarab as well as Burp Suite I would guess it's something with Windows 10 just refusing to send localhost / 127.0.0.1 traffic through a proxy. I'm not smart enough on Win10 to know. Again, thank you! You saved me having to create a second VM and opening WebGoat to more than just localhost in its config.

Liam, PortSwigger Agent | Last updated: Sep 02, 2019 02:31PM UTC

Thanks for the update Richard.

Ben, PortSwigger Agent | Last updated: Sep 11, 2019 06:30AM UTC

Hi, Have you tried the advice given in this thread to add an entry for 127.0.0.1 to the hosts file?

Burp User | Last updated: Oct 08, 2019 12:34AM UTC

Hi,editing the hosts file and adding an entry for 127.0.0.1 myapp worked for me.Thanks a lot

Burp User | Last updated: Jan 24, 2020 07:56PM UTC

I am using kali linux 2019.4 ,and my browser is Firefox 72.0.2 (64-bit). I had configured my browser network settings to use the local host proxy127.0.0.1 at port 8080,but the intercept does not work for the my local server.

Burp User | Last updated: Feb 01, 2020 10:05PM UTC

So by default firefox doesn't proxy localhost traffic so you can't intercept it using Burp Suite. You can remove localhost from the proxy exceptions list: https://superuser.com/questions/1449554/how-do-i-remove-localhost-from-proxy-exceptions-in-firefox 1) Type in "about:config" in your firefox address bar 2) Search for "network.proxy.allow_hijacking_localhost" 3) By default this value is false, set it to true

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.