Configuring Burp Suite on Kali Linux with Chrome

Quite a specific tutorial this time round, but an important one!

First things first: launch Burp Suite. We'll need the proxy server running on 127.0.0.1 to be active. Check that this is so by seeing that intercept is on:

intercept-is-on

Intercept is the functionality that captures packets; being a proxy server, it is effectively our MITM (man-in-the-middle). Now we want Chrome to recognise Burp as a proxy server and to relay packets through it. There are two ways of doing this with Chrome: either by going into the advanced settings and setting up your proxy every time, like this:

manually-specify-chrome-proxy

Or the quicker, automated way of using the FoxyProxy extension:

foxyproxy-extension

You can see I've already made my choice haha

It's quite simple and nothing scary. A nice thing about FoxyProxy is that it communicates with Chrome's API and doesn't alter those settings you saw above, meaning that once we flick the extension off, Chrome resumes normal one-to-one HTTPS sessions.

Let's add the Burp Suite entry:

add-new-proxy-entry

Open this and we should get a menu, but we're only interested in the first two tabs...

specify-proxy-name

And for proxy details:

foxy-proxy-information

Then hit save.

new-proxy-table

We should see this table, and with that we should enable the connection to the proxy:

foxy-extension

use-burpsuite-proxy

Now that everything is operational (intercept should still be on), we can head over to the 127.0.0.1:8080 address and see Burp:

grab-certificate

Click the grab-certificate in the top right (as you can see I did at the bottom) and then open up the Chrome settings again

Type in Certificates and click on the Security option

manage-certificates-chrome

Once there you'll see a button to import those certs; hit it and upload that file.

setting-up-portswigger-authority

The reason we need a certificate is that other websites, say CNN.com, will want to see that the client has the certificates available, as this is what gets used in forming encrypted TLS channels over HTTP. Without it we wouldn't be able to set up a secure session, as we don't have any signatures of authenticity or public keys to show our identity.

Click OK, restart Chrome and you should be good to go! I hope this has been helpful.
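
To see what the imported certificate changes, the added example below (not part of the original tutorial) checks the certificate a client is shown when it connects through the Burp listener, first against the default trust store and then with Burp's certificate added, and prints the certificate's SHA-256 fingerprint so the entry can be recognised in Chrome's certificate manager. It assumes the listener serves its CA certificate in DER form at `/cert` and uses `example.com` as a stand-in host; the function names are illustrative.

```python
import hashlib
import socket
import ssl
import urllib.request

BURP = ("127.0.0.1", 8080)  # listener address used in this tutorial

def fingerprint(der):
    """SHA-256 of the DER bytes, colon-separated like a certificate viewer shows it."""
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def fetch_burp_ca(addr=BURP):
    """Download the CA certificate from the listener itself (assumed path: /cert)."""
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))  # ignore proxy env vars
    with opener.open(f"http://{addr[0]}:{addr[1]}/cert", timeout=5) as resp:
        return resp.read()

def handshake_via_proxy(host, ca_pem=None, addr=BURP):
    """CONNECT to host:443 through the proxy and verify the certificate presented.
    Returns None if verification succeeds, otherwise the error text."""
    ctx = ssl.create_default_context()
    # Python 3.13+ turns on strict X.509 profile checks; relax them to compare chain trust only.
    ctx.verify_flags &= ~ssl.VERIFY_X509_STRICT
    if ca_pem:
        ctx.load_verify_locations(cadata=ca_pem)  # trusted in this context only
    with socket.create_connection(addr, timeout=10) as sock:
        sock.sendall(f"CONNECT {host}:443 HTTP/1.1\r\nHost: {host}:443\r\n\r\n".encode())
        reply = b""
        while b"\r\n\r\n" not in reply:  # read the proxy's full reply before starting TLS
            chunk = sock.recv(4096)
            if not chunk:
                break
            reply += chunk
        status = reply.split(b"\r\n", 1)[0].decode(errors="replace")
        if " 200" not in status:
            return "CONNECT refused: " + status
        try:
            with ctx.wrap_socket(sock, server_hostname=host):
                return None
        except OSError as exc:  # ssl.SSLError is a subclass of OSError
            return str(exc)

if __name__ == "__main__":  # needs Burp listening on BURP
    der = fetch_burp_ca()
    print("Burp CA SHA-256:", fingerprint(der))
    print("default trust store:", handshake_via_proxy("example.com"))
    print("with Burp CA added: ", handshake_via_proxy("example.com", ssl.DER_cert_to_PEM_cert(der)))
```

The same fingerprint identifies the entry to delete from Chrome's certificate manager once testing is finished.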