Proxying Burp Traffic
During application assessments, you often need to provide testing IPs so the client can tell whether traffic is legitimate testing or not. And while clients often whitelist IPs at the WAF level to keep testers from getting blocked, it still happens. Nothing would be worse than doing a test for Amazon.com then getting blocked!
Burp supports using a SOCKS proxy for all traffic. We’ll use this and SSH dynamic port forwarding to send all traffic through another machine. A quick explainer of dynamic port forwarding:
Dynamic port forwarding turns your SSH client into a SOCKS proxy server. SOCKS is a little-known but widely-implemented protocol for programs to request any Internet connection through a proxy server.
I often use a Digital Ocean Ubuntu box as my proxy. The nice thing about SSH port forwarding is that you don’t need to set up anything on the box to start using it as a proxy. The most I do is make sure it’s up to date and put a firewall on it to limit SSH access to my IP.
Once you have a box set up and an IP available to connect to, you can start your tunnel with the command below.
ssh -C -D 8089 <user>@<IP>
In terms of flags:
-C turns on compression for the SSH connection.
-D sets up dynamic port forwarding.
8089 is the local port you’ll use for Burp’s SOCKS settings.
Once the connection is set up, we set the SOCKS proxy settings in Burp User Options.
Once we have everything set up, we can use ipchicken.com to check our IP with the proxy on and off. I use Firefox with FoxyProxy set up to send traffic through Burp.
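The same on/off IP comparison can be scripted so it runs before every testing session. This is an added example, not part of the original post; it assumes the tunnel from the command above is listening on 127.0.0.1:8089, and the IP echo URL, the DECLARED_IP variable and the function names are hypothetical choices made for the example.

```sh
# Added example: confirm traffic leaves from the IP you declared to the client.
# Assumptions: SOCKS listener on 127.0.0.1:8089 (the -D port above) and
# IP_ECHO_URL is any service that returns the caller's IP as plain text.
SOCKS_ADDR="${SOCKS_ADDR:-127.0.0.1:8089}"
IP_ECHO_URL="${IP_ECHO_URL:-https://api.ipify.org}"

# Accept only a dotted-quad IPv4 address, so a block page or error body
# is never mistaken for an egress IP.
is_ipv4() {
  case "$1" in
    ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
  esac
  old_ifs=$IFS; IFS=.
  set -- $1
  IFS=$old_ifs
  [ $# -eq 4 ] || return 1
  for o in "$@"; do
    [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || return 1
  done
}

# Print our public IP; pass "proxy" to go through the SSH SOCKS tunnel.
# socks5h:// makes curl resolve DNS through the tunnel as well.
egress_ip() {
  if [ "${1:-}" = "proxy" ]; then
    curl --silent --fail --max-time 10 --proxy "socks5h://$SOCKS_ADDR" "$IP_ECHO_URL"
  else
    curl --silent --fail --max-time 10 "$IP_ECHO_URL"
  fi
}

# $1 = IP seen without the proxy, $2 = IP seen through it, $3 = declared IP
verdict() {
  if ! is_ipv4 "$2"; then
    echo "FAIL: no valid IP returned through the proxy"; return 1
  fi
  if [ "$2" != "$3" ]; then
    echo "FAIL: egress IP $2 is not the declared $3"; return 1
  fi
  if [ "$2" = "$1" ]; then
    echo "FAIL: proxied IP equals direct IP, tunnel not in use"; return 1
  fi
  echo "OK: testing traffic egresses from $3"
}

# Live check runs only when DECLARED_IP is set (hypothetical variable name).
if [ -n "${DECLARED_IP:-}" ]; then
  verdict "$(egress_ip)" "$(egress_ip proxy)" "$DECLARED_IP"
fi
```

Set DECLARED_IP to the address you gave the client and run the script with the tunnel up. It exercises the tunnel directly, so the browser check through Burp is still what confirms Burp's own SOCKS settings.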
And just like that, we can funnel all of our testing traffic through a server!
Thanks for reading!
SSH's port forwarding feature can smuggle various types of Internet traffic into or out of a network. This can be used…help.ubuntu.com