Welcome back to another Burp Suite tutorial. In this article we will look at how to configure the Burp Suite proxy with Mozilla Firefox for web penetration testing. Let’s get started.
Configure Burp Suite Proxy With Mozilla Firefox
To configure Firefox to work with Burp Suite:
Go to Preferences.
In the search field, enter the keyword ‘network’ as shown in the screenshot and click on ‘Settings’.
Select ‘Manual proxy configuration’ as shown in the screenshot below and enter the IP as 127.0.0.1 (or localhost) and port as 8080.
Note: By default, the Burp Suite proxy listens on port 8080. This can be customized, and we’ll see how in the upcoming articles. If you do change it, the same port number must be entered in both the browser and Burp Suite.
Simply click ‘OK’ once the proxy details have been configured.
You will now be able to intercept traffic from Firefox in Burp, but you will not yet be able to intercept HTTPS traffic. For that, we need to install the Burp Suite CA certificate in our browser.
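The manual proxy settings from the steps above can also be written to a profile’s user.js file, which Firefox reads at startup. This is an added example, not part of the original tutorial; the function names are hypothetical, and it assumes you pass the directory of a dedicated testing profile that you created for use with Burp.

```shell
#!/usr/bin/env bash
# Added example: write the "Manual proxy configuration" values to user.js.
# Assumption: $1 is a dedicated Firefox testing profile directory.
# Host and port default to Burp's default listener, 127.0.0.1:8080.

write_burp_proxy_prefs() {
  local profile_dir="$1" host="${2:-127.0.0.1}" port="${3:-8080}"

  [ -d "$profile_dir" ] || { echo "no such profile dir: $profile_dir" >&2; return 1; }

  # The host is embedded in a JavaScript string, so allow only hostname/IP characters.
  case $host in
    ''|*[!A-Za-z0-9.:-]*) echo "invalid host: $host" >&2; return 1 ;;
  esac

  # The port must be an integer in 1-65535 and must match Burp's listener port.
  case $port in
    ''|*[!0-9]*) echo "invalid port: $port" >&2; return 1 ;;
  esac
  if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
    echo "port out of range: $port" >&2; return 1
  fi

  # Replaces any existing user.js, which is why a dedicated profile is assumed.
  cat > "$profile_dir/user.js" <<EOF
// Constructed for this example: manual proxy pointing at the Burp listener.
user_pref("network.proxy.type", 1);
user_pref("network.proxy.http", "$host");
user_pref("network.proxy.http_port", $port);
user_pref("network.proxy.ssl", "$host");
user_pref("network.proxy.ssl_port", $port);
user_pref("network.proxy.no_proxies_on", "");
EOF
}

# Print the proxy port a profile is configured with, to compare against Burp.
configured_proxy_port() {
  sed -n 's/^user_pref("network\.proxy\.http_port", \([0-9]*\));$/\1/p' "$1/user.js"
}
```

Keeping these settings, and later the Burp CA certificate, in a separate testing profile means your everyday browsing profile neither routes through the proxy nor trusts the interception CA.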
Installing Burp’s CA certificate in Firefox
We have already seen in the previous article that the Burp Suite proxy works as a man-in-the-middle. When you access an application over HTTPS through Burp Suite, the proxy generates a TLS certificate signed by its own certificate authority (CA) and stores it on the client system.
To use Burp Suite most efficiently in the case of HTTPS, it is advisable to download and install the Burp Suite CA Certificate as trusted in the browser.
To import and install the Burp Suite CA certificate, first ensure your Firefox browser is configured to work with the Burp Suite proxy. Then, in the address bar, type the URL “http://burpsuite” as shown in the screenshot.
Look for “CA Certificate” in the right-hand corner. Click on that option and download the file “cacert.der”.
Next, go to Firefox Options and type ‘cert’ in the search bar:
Click on the option ‘View Certificates’ and then use the ‘Import’ button to select the Burp Suite Certificate that we previously downloaded.
After that, you will get a pop-up to trust the certificate.
Now you will be able to intercept requests to HTTPS sites as well. If you have any questions, do comment down below and we will be happy to help.