SBM Labs

Cyber Security Collaboration Project

Pentester tools. Mozilla Firefox + Burp Suite + Tor
10 May 2014

Burp Suite is a set of tools integrated into one platform for auditing the security of web applications. Let's configure Burp Suite to work with the Mozilla Firefox browser and the Tor anonymizer.

We will use Ubuntu Desktop 12.04 LTS.

Configuration of Mozilla Firefox.

Go to the "Edit" menu -> select "Preferences" -> select "Advanced". Go to the "Network" tab -> select "Settings". Then select "Manual proxy configuration" and enter 127.0.0.1 in "HTTP Proxy", port 8080. Burp Suite listens on this port by default.

Configuration of Burp Suite.

We need the Java Runtime Environment (JRE) in order to run Burp Suite:

java -jar -Xmx1024m burp.jar

Then go to the "Proxy" tab, select "Options" and check the configuration of "Proxy Listeners". The "Running" status must be active.

Then go to the "Options" tab, select "Connections" and enable the "Use SOCKS Proxy" option. The SOCKS proxy host is 127.0.0.1 and the SOCKS proxy port is 9050.

Configuration of Tor.

Check the configuration in the file /etc/tor/torrc:

SocksPort 9050 # what port to open for local application connections
SocksListenAddress 127.0.0.1 # accept connections only from localhost

Then enable the DNS listener by adding these lines to /etc/tor/torrc:

DNSPort 53
AutomapHostsOnResolve 1
AutomapHostsSuffixes .exit,.onion

Restart Tor.

The configuration is complete.
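One way to confirm that torrc really carries the values listed above before traffic is sent through the chain. This is an added example, not part of the original post; the function names torrc_value and check_torrc are hypothetical, and taking the last occurrence of each option is a simplification.

```bash
#!/usr/bin/env bash
# Added example: verify that a torrc carries the directives from this post.
# Function names are hypothetical helpers, not part of Tor or Burp Suite.

# torrc_value FILE KEY -> prints the last value set for KEY, comments stripped.
torrc_value() {
    awk -v key="$2" '
        { sub(/#.*/, "") }                      # drop trailing "# ..." comments
        tolower($1) == tolower(key) {           # option names are case-insensitive
            $1 = ""; sub(/^[ \t]+/, ""); sub(/[ \t]+$/, ""); val = $0
        }
        END { print val }' "$1"
}

# check_torrc FILE -> prints one line per mismatch, returns the mismatch count.
check_torrc() {
    local file=$1 problems=0 key want got
    while read -r key want; do
        got=$(torrc_value "$file" "$key")
        if [ "$got" != "$want" ]; then
            # A commented-out or missing option shows up as <unset>.
            echo "$key: expected '$want', found '${got:-<unset>}'"
            problems=$((problems + 1))
        fi
    done <<'EOF'
SocksPort 9050
SocksListenAddress 127.0.0.1
DNSPort 53
AutomapHostsOnResolve 1
AutomapHostsSuffixes .exit,.onion
EOF
    return "$problems"
}
```

Source the file and run check_torrc /etc/tor/torrc after editing and before restarting Tor; a SocksListenAddress other than 127.0.0.1 is reported, since it would expose the SOCKS port beyond localhost.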
