One place for hosting & domains

      Proxy Burp Suite Traffic Through a Linode

      Updated by Linode

      Written by Linode

      Use promo code DOCS10 for $10 credit on a new account.

      When testing with Burp Suite, you may find yourself working in an environment with specific network restrictions. For example, a firewall appliance can interfere with your testing by dropping or modifying packets, resulting in false positives or false negatives.

      One workaround is to proxy Burp’s traffic through a Linode. Doing this will bypass local network restrictions and pipe everything directly to the internet via Linode’s network.

      1. Configure your browser to work with Burp.

      2. If you haven’t already, install Burp’s CA certificate in your browser.

      3. Open an SSH connection to your Linode through port 12345. This will be used to pass local traffic to your Linode, so keep this terminal window running in the background during testing.

        ssh -D 12345 root@your_linode_ip_address
      4. In Burp Suite, go to the Project Options tab, then the Connections tab.

      5. Under SOCKS Proxy, enable the Override user options toggle. You’ll see form field options appear.

      6. Make the following changes:

        • Enable Use SOCKS proxy.

        • In the text field labeled SOCKS proxy host, enter localhost.

        • In the text field labeled SOCKS proxy port, enter the port number you started the SSH connection with above.

        • Enable Do DNS lookups over SOCKS proxy.

        Burp Suite proxy settings

      7. All browser traffic will now be forwarded from Burp to your Linode over the SSH connection, then out to the internet. Confirm this by visiting with the browser you configured for Burp. The result should show your Linode’s public IP address.

      This guide was written with permission from and in collaboration with Jesse Kinser.

      Join our Community

      Find answers, ask questions, and help others.

      This guide is published under a CC BY-ND 4.0 license.

      Source link