This article was originally published on bmf-tech.com.
Overview
This post covers various settings for using Burp Suite with Chrome. I wanted to use Burp with Chrome during vulnerability assessments and responses.
Environment
Mac OS
Preparation
Steps
Configure the Proxy
Set up Proxy Profiles using chrome extension - proxy switchsharp.
Name the profile Burp (or anything else, but since it's for Burp, name it Burp). Select Manual Configuration, set 127.0.0.1 for HTTP Proxy, and configure the Port to avoid conflicts in your environment. Save the profile.
Using proxy switchsharp allows you to quickly change proxy settings via the extension, avoiding the hassle of manually changing them each time.
To change proxy settings, select proxy switchsharp from the extensions in the top right of Chrome and choose any Profile.
When you don't need to fiddle with proxy settings, select Direct Connection.
Configure the Certificate
Start Burp.
Ensure Chrome's proxy settings are set to the Profile configured above. (Simply saving the proxy settings with proxy switchsharp doesn't activate them, so you need to select the Profile from the extensions in the top right of the Chrome browser to activate it.)
If Burp is started with default settings, access http://127.0.0.1:8080.
Click the CA Certificate in the top right and download the certificate.
Open the downloaded certificate with Keychain Access and set it to Always Trust. The certificate name should be Port Swigger CA.
With these steps, Burp should now be usable with Chrome.
Additional Notes
To intercept localhost with Chrome, add <-loopback> in proxy switchsharp's Profile Detail > No Proxy For.
Burp Interception does not work for localhost in Chrome
Top comments (0)