Using Proxify as an Upstream Proxy with Burp Suite

By /

Listen to this Post

Featured Image
Did you know you can set Proxify as an upstream proxy? Here’s how you do it!

Proxify, developed by ProjectDiscovery, is a versatile tool that enhances web traffic interception and manipulation, especially when combined with Burp Suite. Below is a step-by-step guide to configuring Proxify as an upstream proxy and leveraging its capabilities for security testing.

You Should Know:

1. Install Proxify

First, download and install Proxify from GitHub:

go install github.com/projectdiscovery/proxify@latest

2. Run Proxify

Start Proxify with default settings:

proxify -http-port 8888 -https-port 8889

This sets up Proxify to listen on ports `8888` (HTTP) and `8889` (HTTPS).

  1. Configure Burp Suite to Use Proxify as an Upstream Proxy
    • Open Burp Suite → Proxy → Options.
    • Under Proxy Listeners, edit the current listener.
    • Navigate to the Request Handling tab.
    • Enable “Support invisible proxying” and set “Upstream Proxy Server” to:
    • Host: `127.0.0.1`
    • Port: `8888` (for HTTP) or `8889` (for HTTPS).

4. Verify Traffic Forwarding

  • Send a request through Burp Suite.
  • Observe the User-Agent change in Proxify logs, indicating successful forwarding.

5. Advanced Proxify Commands

  • Logging requests/responses: 
    proxify -http-port 8888 -https-port 8889 -output-dir ./logs
  • Enable request/response modification: 
    proxify -http-port 8888 -https-port 8889 -rules config.yaml

(Define rules in `config.yaml` for automated modifications.)

6. Automating with Proxify

Proxify can be integrated into automated recon workflows:

proxify -http-port 8888 -https-port 8889 -output-json -silent | jq .

7. Debugging & Troubleshooting

  • Check Proxify logs for errors: 
    tail -f proxify.log
  • Verify Burp Suite’s upstream proxy settings if traffic isn’t forwarding.

What Undercode Say:

Proxify enhances security testing by acting as a middleware between Burp Suite and target servers, allowing for seamless automation and traffic manipulation. Combining it with tools like curl, nmap, or `httpx` extends its utility:

curl -x http://127.0.0.1:8888 http://example.com

nmap -Pn -sS -p 80,443 --script http-title --proxies http://127.0.0.1:8888 example.com

For Windows users, PowerShell can also interact with Proxify: 

Invoke-WebRequest -Uri "http://example.com" -Proxy "http://127.0.0.1:8888"

Expected Output:

A fully automated recon pipeline where Burp Suite forwards traffic to Proxify, logs are stored for analysis, and dynamic modifications are applied via rules.

Prediction:

As security automation grows, tools like Proxify will become essential in bridging manual and automated testing, reducing repetitive tasks, and improving efficiency in bug bounty and penetration testing workflows.

Reference:

References:

Reported By: Projectdiscovery Proxify – Hackers Feeds
Extra Hub: Undercode MoN
Basic Verification: Pass ✅

Join Our Cyber World:

💬 Whatsapp | 💬 Telegram

Related Posts: