Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Create new post

Proxy with BurpSuite Enterprise

Nithin | Last updated: Feb 05, 2019 11:34AM UTC

I'm trying to launch my BurpSuite agent with port 8090 opened for me to be able to proxy traffic through it and then run a Scan. Is this possible with BurpSuite Enterprise? Use-Case Example: I launch a burp agent with listener-port 8090. On my browser, I set proxy to <BurpAgent-IP>:8090 and browse the target. I then start an active-scan on the target. This can easily be achieved on BurpSuite Pro, but can it also be achieved on BurpSuite Enterprise?

Liam, PortSwigger Agent | Last updated: Feb 05, 2019 11:42AM UTC

Nithin, have you tried using the settings via burger menu > Settings > Network?

Burp User | Last updated: Feb 06, 2019 08:20AM UTC

Hi Liam, Thanks a lot for the response! I tried that and was not able to proxy traffic through it. I also saved an ideal(for my use-case) `projectconfig.json` from BurpSuite Pro and tried loading it as a Scan-Config in Enterprise. That didn't seem to work either. Am I missing a Step somewhere?

Liam, PortSwigger Agent | Last updated: Feb 06, 2019 01:41PM UTC

Just to clarify, what do you mean by proxy traffic through it? Could you explain the steps you used to load the config file?

Burp User | Last updated: Feb 07, 2019 07:08AM UTC

Q: Just to clarify, what do you mean by proxy traffic through it? A: Once I launch a BurpSuite Agent, I want to be able to proxy traffic through that Agent and then initiate an Active scan on the proxied traffic. ------------------------------------------------------------------------------------------------------------ Q: Could you explain the steps you used to load the config file? A: I Setup Proxy listener on BurpSuite Pro. I exported the Project settings and loaded it as configuration file on BurpSuite Enterprise and launched a Scan.

Liam, PortSwigger Agent | Last updated: Feb 07, 2019 04:47PM UTC

Regarding using an agent as a Proxy; this isn't how Burp Enterprise works. to perform this sort of testing you would need to use Burp Pro. If you open a clean instance of Burp Pro with default settings and load your config file, does it work as intended? What settings are you trying to use with Burp Enterprise?

Burp User | Last updated: Feb 08, 2019 08:39AM UTC

Thanks for the clarification Liam. I have a Burp Pro Extender that can proxy traffic and initiate an active scan in an automated fashion. Since I cannot use Burp Enterprise for my use-case, I'm assuming I can go ahead and use my Burp Suite Pro+Extender instead in my CI environment. ------------------------------------------------------------------------------------------------------------ Q: If you open a clean instance of Burp Pro with default settings and load your config file, does it work as intended? What settings are you trying to use with Burp Enterprise? A: Yes, If I load the config file Burp Pro works as intended. But, the same config file does not work on Burp Enterprise. The config file essential opens a port for me to Proxy traffic.

Liam, PortSwigger Agent | Last updated: Feb 08, 2019 09:50AM UTC

I can't see an issue with you using Burp Pro + your extension as long as it's within our license terms. It's worth nothing that will we support extensions in Burp Enterprise in the future. You won't be able to change this setting with with a config file. You can change the web server port via Burp Suite Enterprise > webServer > 1.0.11beta > web-server.config. Please let us know if you need any further assistance.

Burp User | Last updated: Feb 13, 2019 07:41AM UTC

Hi, Liam Is it possible to get on a call and discuss my use-case that I'm working on for a client before I go ahead and integrate BurpSuite Pro for them? Based on our conversation, I'll be in a position to decide what I can recommend to my client. Would be great if the call is possible sometime soon.

PortSwigger Agent | Last updated: Feb 13, 2019 08:13AM UTC

Hi Nithin, Thanks for your message. Unfortunately, we're not able to offer support over phone or web conference facilities. Just reading back your previous comments, Burp Pro sounds a good fit for your needs - capture traffic in Proxy mode, then perform scanning. Burp Enterprise does not support that use case at present. Perhaps it will in future, but that's some way out. Please let us know if you need any further assistance. It's helpful if any questions are clear and answerable.

prashanth | Last updated: Feb 08, 2022 08:22AM UTC

Hey Liam and Nithin, Is this use-case being served by Burp enterprise now in 2022 ?

Alex, PortSwigger Agent | Last updated: Feb 08, 2022 09:09AM UTC

Hi,

Thanks for your post.

Burp Suite Enterprise is not designed to operate as a web proxy server between your browser and target applications - this use case would still fall to Burp Suite Pro.

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.