Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Create new post

Use a Proxy for Software Updates

Thorsten | Last updated: Feb 20, 2019 07:23AM UTC

Hello, we use Burp Suite for internal tests, so the Workstation isn't able to connect directly to the Internet. Now we have the Problem that the Burp Suite want to go directly to 54.246.133.196 , we think for pulling updates, and this requests are blocked by our Firewall. Now my question, is it possible to set up an proxy for the updates ?

PortSwigger Agent | Last updated: Feb 20, 2019 08:06AM UTC

If you configure an upstream proxy within Burp - in User options > Connections - then Burp will use that for updates. Burp actually tries to connect both directly and through the upstream proxy. This is for robustness; only one of them needs to complete.

Jean-Sebastien | Last updated: Aug 01, 2023 01:56PM UTC

FYI - Many of us have multiple upstream proxies... I think a better strategy should be implemented. Example : we have around 30 of these...

Ben, PortSwigger Agent | Last updated: Aug 02, 2023 06:53AM UTC

Hi Jean-Sebastien, Do you have a preferred way that you would like this to work in your situation?

Jean-Sebastien | Last updated: Oct 12, 2023 01:49PM UTC

Absolutely - first and foremost the upstream proxy options should be in a standalone solution as it becomes more and more complex for large environments customers like us. We have more than 30 upstream proxies and they are variable depending on URL's and users going threw them. So manually entering proxies in a small window makes it unmanageable and breaks easy. Honestly, I would make this a priority as this is limiting our usage of Burp in our vast environment. When developing such solutions, your team should always ask themselves -> how can this be managed if you have hundreds? Whatever the option we're looking at they should be more robust and developed. In this specific case, it should be much more simple to enter multiple proxies at once and edit them all together when necessary. Would a config file be better? Good question. Not sure everyone is comfortable with these setups - but at least - there should be an easy option for more serious environments and tests. Again this morning, I'm living a situation where a single URL uses multiple proxies for redirects...

Ben, PortSwigger Agent | Last updated: Oct 13, 2023 11:19AM UTC

Hi Jean-Sebastien, Thank you for the explanation. Would being able to supply a configuration file here improve things (maybe some kind of PAC file)?

Jean-Sebastien | Last updated: Oct 17, 2023 04:00PM UTC

A PAC file would definitely be a step in the right direction! This would give us a more control over proxies, especially when you have hundreds of apps that need it. Of course, the approach would need to support usernames & passwords...

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.