Chapter 2. Configuring Browsers to Proxy through Burp

The Burp Suite Proxy tool is an intercepting proxy. An intercepting proxy intercepts all the traffic that is sent toward it from a client and all the resulting responses from the server as well.

The primary job of the Burp Suite Proxy tool is to intercept regular web traffic, which goes over Hypertext Transfer Protocol (HTTP), and with additional configuration, encrypted HTTP (HTTPS) traffic as well. All of this to make it easy for you to see all interactions and data that goes to and come from the web server. If you can see what is happening in terms of requests and responses, you can test the website security using various techniques and approaches available to you.

Burp Suite can be used to intercept any client-server communication that goes over HTTP. The most common web clients are the web browsers that users like you and me use. There are other software capable of crafting and working with HTTP requests, such as curl and Wget.

Some desktop software that does send out HTTP requests don't have any provision to specify proxy information. Burp Suite allows you to intercept traffic from such clients using invisible proxying. We will cover this in detail in Chapter 4, SSL and Other Advanced Settings.

Note that although Burp Suite is a lot more than just a proxy, everything starts with configuring browsers to proxy through Burp Suite.

Let's see how we can configure Microsoft Internet Explorer, Google Chrome, and Mozilla Firefox to proxy all their web traffic through Burp Suite.