Thursday 13 September 2007

Burp. Excuse me.

I had a look at Burp proxy recently. If you haven't heard of Burp before, it's a debug proxy that has one unique advantage over the likes of Fiddler: you can manually intercept, modify, and forward individual requests and responses.

Burp is a little Java app and you don't need to install it in order to get up and running. Although the program worked as advertised, my biggest gripe is that you have to manually configure your browser proxy settings to use localhost:8080 (Fiddler just works by comparison).

As I'm on a corporate network, I also had to figure out where to configure my domain account/password. The server returned security errors without this. Once set, it's done but I'm naturally wary of supplying my password to a potentially "black" app like this (I run as Admin on my dev box...); our security policy also requires I change my password every thirty days so this is just one more location I need to update my password every month.

The proxy works as advertised, stopping at every request/response passing through and allowing you to modify it, drop it, or forward it on. You can exclude requests for certain media types and automatically modify other aspects of the headers or content. I'm primarily using the proxy to inject an X-Forwarded-For header.
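As an added illustration (not code from the original post and not Burp's own), here is the kind of automatic header rewrite described above, applied to a raw HTTP request when testing your own application. The function name, the sample request, and the extension-based stand-in for the media-type exclusion are assumptions.

```python
import ipaddress

# Constructed sample request, as a browser would send it through a local debug proxy.
SAMPLE_REQUEST = (
    b"GET /account HTTP/1.1\r\n"
    b"Host: app.example.test\r\n"
    b"x-forwarded-for: 10.0.0.5\r\n"
    b"Accept: text/html\r\n"
    b"\r\n"
)

# Assumed exclusion list, standing in for the proxy's media-type filter.
SKIPPED_EXTENSIONS = (b".png", b".gif", b".jpg", b".css", b".js")


def set_forwarded_for(raw_request: bytes, client_ip: str) -> bytes:
    """Return raw_request with exactly one X-Forwarded-For header set to client_ip."""
    # Validate first: an unchecked value containing CR/LF would add extra header lines.
    value = str(ipaddress.ip_address(client_ip)).encode("ascii")

    head, sep, body = raw_request.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("incomplete request: no end-of-headers marker")
    request_line, *headers = head.split(b"\r\n")

    parts = request_line.split(b" ")
    if len(parts) != 3:
        raise ValueError("malformed request line")

    # Leave excluded media requests untouched (query string ignored for the check).
    path = parts[1].split(b"?", 1)[0].lower()
    if path.endswith(SKIPPED_EXTENSIONS):
        return raw_request

    # Drop existing copies (header names are case-insensitive), then append ours.
    kept = [h for h in headers
            if h.split(b":", 1)[0].strip().lower() != b"x-forwarded-for"]
    kept.append(b"X-Forwarded-For: " + value)
    return b"\r\n".join([request_line, *kept]) + sep + body


if __name__ == "__main__":
    print(set_forwarded_for(SAMPLE_REQUEST, "203.0.113.7").decode())
```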
