🔐 Setting up FoxyProxy with Burp Suite for Web App Security Testing
Khan Areeb Khalid


Publish Date: Jul 9

A Beginner's Guide: Setting Up FoxyProxy with Burp Suite for Web App Testing

Getting started with web application security? One of the most powerful (and beginner-friendly) setups you can use is combining Burp Suite and FoxyProxy. Together, they let you intercept and inspect web traffic—perfect for learning how the internet really works, and how attackers find vulnerabilities.

💻 What is Burp Suite?

Burp Suite is a toolkit used by ethical hackers and security researchers to:

  • Intercept and inspect browser traffic
  • Find security bugs like broken authentication or misconfigurations
  • Modify requests and responses on the fly

🔧 Key Tools Inside Burp Suite:

  • Proxy – Captures browser traffic
  • Scanner – Finds vulnerabilities automatically (Pro version)
  • Intruder – Runs brute-force or fuzzing attacks
  • Repeater – Lets you tweak and resend requests
  • Decoder & Comparer – Help you read encoded data and see changes

💡 Think of Burp Suite like a magnifying glass for your web browser.

🦊 What is FoxyProxy?

FoxyProxy is a browser extension for Firefox/Chrome. It helps you quickly switch between proxy settings—especially useful when routing your browser through Burp Suite.

Why use it?

  • Avoid manual proxy setup every time
  • Route only certain traffic through Burp
  • Enable/disable with one click

⚙️ Step-by-Step Setup

  1. Configure Burp Suite
       • Open Burp Suite
       • Go to Proxy > Options
       • Ensure it's listening on 127.0.0.1:8080 (default)
  2. Install and Set Up FoxyProxy
       • Add FoxyProxy Standard extension to your browser
       • Open the add-on settings
       • Click Add New Proxy and fill in:
           • Title: Burp Suite Proxy
           • Proxy Type: HTTP
           • Host: 127.0.0.1
           • Port: 8080
  3. Connect the Tools
       • In FoxyProxy, enable the profile you just created
       • In Burp Suite, go to the Intercept tab and turn interception "on"
       • Now, open any website—and you'll see the request paused in Burp

🧪 Test It with a Vulnerable App: OWASP Juice Shop

Want to practice without legal risk? Use Juice Shop, a purposely insecure web app hosted at:

https://juice-shop.herokuapp.com/#/

Quick Tips:

  • Add Juice Shop to Burp's scope under the Target tab
  • Enable the AND operator in the intercept settings—this ensures only in-scope traffic is captured
  • Visit /score-board on Juice Shop to view available hacking challenges
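
The "route only certain traffic through Burp" benefit and the in-scope tip above can also be enforced in the browser with a standard proxy auto-config (PAC) function. This is an added example, not code from the original post; the in-scope list is an assumption built from the Juice Shop URL on this page, and the test hostnames are constructed.

```javascript
// Added example: a PAC (proxy auto-config) file that sends only the lab
// target to Burp and leaves all other browsing untouched.
// Assumptions: Burp listens on 127.0.0.1:8080 (as in the setup steps) and
// the only in-scope host is the Juice Shop instance named on this page.
var BURP = "PROXY 127.0.0.1:8080"; // no "; DIRECT" fallback: fail closed
var IN_SCOPE = ["juice-shop.herokuapp.com"];
var PROXIED_SCHEMES = ["http", "https", "ws", "wss"];

// Lower-case the host and drop a trailing dot so "Example.COM." and
// "example.com" are treated as the same name.
function normalizeHost(host) {
  return String(host).toLowerCase().replace(/\.$/, "");
}

// True only for an exact in-scope name or a real subdomain of it.
// Matching on ".name" (with the dot) keeps look-alikes such as
// "evil-juice-shop.herokuapp.com" out of scope.
function inScope(host) {
  var h = normalizeHost(host);
  return IN_SCOPE.some(function (name) {
    return h === name || h.endsWith("." + name);
  });
}

// Browsers call this for every request with the full URL and its host.
function FindProxyForURL(url, host) {
  var scheme = String(url).split(":", 1)[0].toLowerCase();
  if (PROXIED_SCHEMES.indexOf(scheme) === -1) {
    return "DIRECT"; // anything that is not web traffic bypasses Burp
  }
  // In-scope traffic goes to Burp only. If Burp is not running the request
  // fails instead of silently going out unobserved.
  return inScope(host) ? BURP : "DIRECT";
}
```

Because everything outside the list returns `DIRECT`, unrelated sessions (mail, banking) never reach the intercepting proxy even while the Burp CA certificate is trusted in that browser.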

🔐 Important: Handle HTTPS Correctly

To intercept secure (HTTPS) traffic, either:

  • Go to Burp’s Proxy > Intercept > Open Browser, OR
  • Import Burp's CA certificate into your browser under Authorities

Without this, your browser won’t trust Burp to decrypt HTTPS—and traffic won’t be visible.

✅ Wrap-Up

With Burp Suite and FoxyProxy, you're not just observing—you’re interacting with the flow of web traffic. That’s the foundation of web app security testing.

Whether you're a cybersecurity student or just curious about how requests and responses really work, this setup is your gateway.
