HTTP Proxy Override

Set up a HTTP proxy forwarding for your app. Usually with combination of Burp Suite web proxy.

OS Linux - Terminal

The app or a library has to be coded to reflect these specific environment variables. Otherwise, explore a specific app configuration or CLI parameters for HTTP proxy features.

export http_proxy='127.0.0.1:8080'    
export https_proxy='127.0.0.1:8080'

You can unset back the variables by

unset http_proxy
unset https_proxy

Metasploit

msf> set Proxies http:127.0.0.1:8080

There are different types of proxies you can define.

set Proxies socks4:127.0.0.1:5555
set Proxies socks5:127.0.0.1:5555

Java (VM)

Forward HTTP/HTTPS traffic for your Java app to Burp Suite Proxy. The same analogy applies to FTP, explore the following Java documentation.

HTTP

Before you start your java application, add the following parameters to JVM.

java -Dhttp.proxyHost=127.0.0.1 -Dhttp.proxyPort=8080

HTTP & HTTPS

"%JAVA_HOME%\bin\java" …  
-Dhttp.proxyHost=127.0.0.1 
-Dhttp.proxyPort=8080
-Dhttps.proxyHost=127.0.0.1      
-Dhttps.proxyPort=8080 
-Dhttp.nonProxyHosts=localhost 
-Djavax.net.ssl.trustStore=C:\Users\Administrator\.keystore
-Djavax.net.ssl.trustStorePassword=changeme

HTTPS Troubleshooting - add the following JVM parameter to track SSL/TLS handshake and certificate look up errors Djavax.net.debug=ssl,handshake

Create Java Keystore

Briefly, Java Key Store (JKS) is a secured storage protected by password (trustStorePassword).

cd %JAVA_HOME%/bin
keytool.exe -keystore C:/Users/Administrator/.keystore -genkey -alias client

Import certificate (CER or DER)

keytool.exe -importcert -file certificate.cer -keystore C:\Users\Administrator\.keystore -alias "BurpCert"

Visual Studio 2015|2019

Find VS software home (installation directory)

%ProgramFiles%\Microsoft Visual Studio\2019\Enterprise\Common7\IDE%

edit devenv.exe.config file

<system.net>
<defaultProxy useDefaultCredentials="true" enabled="true">
    <proxy bypassonlocal="true" proxyaddress="http://127.0.0.1:8080" />
</defaultProxy>
</system.net>

with authentication option

<system.net>
<defaultProxy useDefaultCredentials="true" enabled="true">
    <proxy bypassonlocal="true" proxyaddress="http://Username:Password@yourproxyaddress.net:8080" />
</defaultProxy>
</system.net>

PreviousBug Bounty - Web Recon NextCSV Injection

Last updated 2 years ago

Was this helpful?