Enhancing BurpSuite Scanner with Dual Proxy Setup

Listen to this Post

Featured Image
BurpSuite’s built-in scanning engine is powerful but has limitations, such as:

1. Scanner requests not being saved to History

2. Difficulty combining with extensions like Collaborator Everywhere

3. Challenges in modifying requests during scans

A workaround is proxying scanner requests through a second BurpSuite instance:

Step-by-Step Implementation

1. Launch Two BurpSuite Instances

  • First instance (Burp “Scanner”):
    java -jar burpsuite_pro.jar & 
    
  • Second instance (Burp “Proxier”):
    java -jar burpsuite_pro.jar & 
    

2. Configure Scanner Instance

  • Set Listening Proxy to `localhost:8080`
  • Set Upstream Proxy to `localhost:9999`

3. Configure Proxier Instance

  • Set Listening Proxy to `localhost:9999`

4. Initiate Scan

  • Run the scan from the Scanner instance.
  • All requests will forward to the Proxier instance and appear in Proxy History.

5. Enhancements

  • Activate extensions (e.g., Collaborator Everywhere):
    Extender > BApp Store > Install Collaborator Everywhere 
    
  • Modify requests dynamically via Proxy > Intercept.

You Should Know:

Essential BurpSuite Commands & Tricks

  • Start BurpSuite Headless (Linux):
    java -jar -Xmx4G burpsuite_pro.jar --use-defaults --config-file=my_config.json 
    
  • Automate with Python (Burp API):
    from burp import IBurpExtender 
    class BurpExtender(IBurpExtender): 
    def registerExtenderCallbacks(self, callbacks): 
    self._callbacks = callbacks 
    self._helpers = callbacks.getHelpers() 
    callbacks.setExtensionName("Custom Scanner") 
    
  • Log Scanner Traffic (Bash):
    tcpdump -i lo -w burp_traffic.pcap port 9999 or port 8080 
    
  • Modify Requests via Macros:
    Project Options > Sessions > Macros > Add 
    

Expected Output:

  • Scanner requests stored in Proxy History.
  • Enhanced scans via extensions.
  • Real-time request manipulation.

What Undercode Say

Combining multiple BurpSuite instances unlocks advanced scanning flexibility. This method is particularly useful for:
– Bug Bounty Hunters needing historical request logs.
– Pentesters integrating custom extensions.
– DevSecOps automating dynamic scans.

For further reading:

Prediction

As web app attacks evolve, BurpSuite will likely integrate native dual-proxy support, reducing manual setup overhead. Meanwhile, this workaround remains a must-know for advanced testers.

Expected Output:

[+] Scanner requests logged in Proxy History 
[+] Collaborator Everywhere active 
[+] Real-time request modification enabled 

IT/Security Reporter URL:

Reported By: Aaandrei %F0%9D%90%96%F0%9D%90%A1%F0%9D%90%A2%F0%9D%90%A5%F0%9D%90%9E – Hackers Feeds
Extra Hub: Undercode MoN
Basic Verification: Pass ✅

Join Our Cyber World:

💬 Whatsapp | 💬 Telegram