Firefox has been a hacker favorite for quite some time now. This is largely due to a plethora of add-ons that allow you to extend its features and abilities. One of the primary advantages that Firefox has over other browsers in the industry is its ability to use proxy settings that are not tied with the operating system.

Firefox can be set up to use a specific proxy, even if the operating system has a separate system proxy set. This allows for various tools that require a separate proxy to be used in conjunction with Firefox, while ensuring Firefox does take a separate route.

Remember, no browsers, including Firefox, have separate proxy settings for the private/incognito mode.

To set up proxy options in Firefox, take the following steps:

1. On Windows, click on the three dashes in the right top corner of any tab and select...

Google Chrome uses the system proxy to route traffic unless a command-line argument is used to specify a proxy server. This can be both cumbersome to work with and advantageous, in that you can set the proxy in Chrome without even opening the Chrome UI.

To set up proxy options in Chrome, perform the following steps:

1. Click on the three dots on the top right corner and select Settings:

2. In the Settings window, type proxy to find the Open proxy settings option:

3. This will open up the Windows Internet Properties dialog box.

4. Click on LAN settings to open up the settings page:

5. Enter the port number and IP address of the system where Burp Suite is running, as shown in the following screenshot:

6. You can also click on Advanced to use specific addresses for different protocols. Remember this is a system-wide...

Internet Explorer and Microsoft Edge both use the Windows system proxy setting as their own preference.

Following these steps will help you set up proxy options in Internet Explorer:

1. Click on the gear icon on the top right corner and select Internet options:

2. The Internet options dialog will open up. Click on Connections | LAN settings to manage your proxy settings for Internet Explorer.

Remember this is a system-wide proxy setting and most programs on the system will also obey this, especially if they do not have a proxy setting of their own.

During a web application penetration test, requirements may arise to switch in and out of your proxy settings. There will be times when you may want to have a direct connection to the internet, while the rest of the time you may want your traffic to go through Burp.

There are scenarios as well where you may want all your traffic to go through Burp, except  maybe google.com. In such cases, switching in and out of the browsers' proxy setting can easily become an unpleasant user experience.

For these reasons, there exist several add-ons/extensions for Firefox and Chrome that allow you to switch the browser's proxy setting to a different proxy at the click of an option.

Let's look at an add-on for Firefox called FoxyProxy, and an extension for Google Chrome called Proxy SwitchySharp.

For...

Non-proxy-aware clients in this context are applications that talk to the internet over HTTPS but do not have an option to set a proxy server so that traffic through them can be captured. These applications use the system proxy settings. This is common with thick client applications on Windows.

In such cases, we can set a system-wide proxy setting to work with our applications. System-wide proxy settings can be set via a command line and through the GUI. However, knowing the command-line options allows you to be able to script them, so that you can switch system-wide proxy settings using bash scripts or batch files, depending on the OS you are on.

To use...

To test Android applications, or to even test web applications via your Android device, you need to configure Burp Proxy to start a listener on interfaces and then connect the Android device and the system running Burp to the same wireless network.

This causes the Burp listener to become visible and accessible to the Android device on the same network.

Follow these steps to set a proxy for your Android device:

1. Go to the SETTINGS menu.
2. Connect to the same wireless network as Burp.

3. If you are already connected, click on the wireless connection name and select Manage network settings, as shown in the following screenshot:

4. Click on Show advanced options, to show the Proxy setting. Click on the Manual option to enter the address of the proxy server running Burp:

5. Click SAVE to save this setting and proceed to browse an HTTP...

To set up an iOS device to work with Burp, we need to add Burp's network listener address (as we did with the Android device) to the iOS device's network configuration.

To achieve this, follow these steps:

1. On the iOS device, open Settings.
2. Assuming you are already connected to the wireless network, tap the Wi-Fi option, and tap the information icon next to the wireless access point name.
3. Select Manual under the HTTP PROXY section, and enter the IP address and port number of the Burp listener.
4. Go back and browse to an HTTP site on your iOS device's browser and see that the traffic is received by Burp.

To be able to access HTTPS sites you will need, to add Burp's CA certificate in the iOS device. To configure the iOS device to do this, perform the following steps:

1. Navigate to http://burp:8080.
2. Click on the...