- In Burp’s (Proxy>Intercept), we can click on Open Browser, which will open Burp’s pre-configured browser and automatically route all web traffic through Burp
- In ZAP, we can click on the Firefox browser icon at the end of the top bar, and it will open the pre-configured browser
To use Firefox with our web proxy tools, we must first configure it to use them as the proxy. We can manually go to Firefox preferences and set up the proxy to use the web proxy listening port. Both Burp and ZAP use port 8080 by default, but we can use any available port.
In case we wanted to serve the web proxy on a different port, we can do that in Burp under (Proxy>Options), or in ZAP under (Tools>Options>Local Proxies). In both cases, we must ensure that the proxy configured in Firefox uses the same port.
Instead of manually switching the proxy, we can utilize the Firefox extension Foxy Proxy to easily and quickly change the Firefox proxy. This extension is pre-installed in your PwnBox instance and can be installed to your own Firefox browser by visiting the Firefox Extensions Page and clicking Add to Firefox to install it.
Installing CA Certificate
We can install Burp’s certificate once we select Burp as our proxy in Foxy Proxy, by browsing to http://burp and downloading the certificate from there by clicking on CA Certificate.
To get ZAP’s certificate, we can go to (Tools>Options>Dynamic SSL Certificate), then click on Save.
Once we have our certificates, we can install them within Firefox by browsing to about:preferences#privacy, scrolling to the bottom, and clicking View Certificates.
After that, we can select the Authorities tab, then click on Import and select the downloaded CA certificate.
Finally, we must select Trust this CA to identify websites and Trust this CA to identify email users, and then click OK.
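Since importing a CA makes Firefox trust every certificate it signs, it is worth confirming that the authority now listed in Firefox is the file exported from our own proxy. The following is an added example, not part of the original page or of Burp or ZAP: it computes the SHA-256 fingerprint of an exported certificate file (DER or PEM) so it can be compared with the fingerprint shown in Firefox's certificate viewer, and refuses files that bundle a private key. The function names and `SAMPLE_DER` are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import re

PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.DOTALL)

# Constructed placeholder bytes (NOT a real certificate), used only for the demo.
SAMPLE_DER = b"\x30\x82\x01\x00" + bytes(range(256))


def load_ca_der(data: bytes) -> bytes:
    """Return the DER bytes of the single certificate in an exported CA file."""
    if b"-----BEGIN" not in data:
        # Binary export: DER certificates start with an ASN.1 SEQUENCE tag (0x30).
        if not data.startswith(b"\x30"):
            raise ValueError("not a DER or PEM certificate")
        return data
    blocks = PEM_BLOCK.findall(data.decode("ascii", errors="replace"))
    labels = [label for label, _ in blocks]
    if any("PRIVATE KEY" in label for label in labels):
        raise ValueError("file contains a private key; import only the certificate")
    if labels != ["CERTIFICATE"]:
        raise ValueError(f"expected exactly one CERTIFICATE block, got {labels}")
    return base64.b64decode("".join(blocks[0][1].split()))


def fingerprint(der: bytes, algo: str = "sha256") -> str:
    """Colon-separated upper-case hex digest of the DER encoding."""
    digest = hashlib.new(algo, der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def matches(der: bytes, expected: str) -> bool:
    """Compare against a fingerprint pasted in any case or separator style."""
    def norm(s: str) -> str:
        return re.sub(r"[^0-9A-F]", "", s.upper())
    return hmac.compare_digest(norm(fingerprint(der)), norm(expected))


if __name__ == "__main__":
    # Replace SAMPLE_DER with open("<exported CA file>", "rb").read() in real use.
    print("SHA-256:", fingerprint(load_ca_der(SAMPLE_DER)))
```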