From time to time I need to test or verify a web application vulnerability through the TOR network using BurpSuite. The easiest way to do this is to use the pre-bundled TOR Browser.
Configuration is fairly easy:
- Download, Install and Start the TOR Browser:
- Verify that the SOCKS proxy is started on 127.0.0.1:9150
- Configure Burp (Options > Connections > Upstream Proxy Servers)
- Then…
(Legally with proper permission of course!)
Pro Tips:
- TorBrowser has to stay running while using Burp.
- Verify the Proxy is still active if you have to restart Burp.
- The TOR network runs slow sometimes.
- Some web hosts block TOR traffic.
- Dry clean only.
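
One way to script the "verify that the SOCKS proxy is started on 127.0.0.1:9150" step and the re-check after restarting Burp. This is an added example, not part of the original post: it sends the SOCKS5 greeting from RFC 1928 to the listener and classifies the reply. The function names and status strings are assumptions made for this example.

```python
"""Probe a local SOCKS5 listener, e.g. Tor Browser's on 127.0.0.1:9150."""
import socket
import sys

TOR_BROWSER_SOCKS = ("127.0.0.1", 9150)  # address given in the post


def classify_reply(reply: bytes) -> str:
    """Interpret the 2-byte SOCKS5 method-selection reply (RFC 1928)."""
    if len(reply) < 2 or reply[0] != 0x05:
        return "not-socks5"        # something else owns the port
    if reply[1] == 0x00:
        return "ok"                # proxy accepted "no authentication"
    if reply[1] == 0xFF:
        return "no-auth-rejected"  # SOCKS5, but it wants credentials
    return "not-socks5"            # server picked a method we never offered


def _recv_exact(sock: socket.socket, n: int) -> bytes:
    """Read up to n bytes, stopping early if the peer closes."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            break
        buf += chunk
    return buf


def probe_socks5(host: str, port: int, timeout: float = 3.0) -> str:
    """Return 'ok', 'closed', 'no-auth-rejected' or 'not-socks5'."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "closed"            # nothing listening: Tor Browser not running
    with sock:
        try:
            # Greeting: version 5, one method offered, 0x00 = no authentication
            sock.sendall(b"\x05\x01\x00")
            reply = _recv_exact(sock, 2)
        except OSError:
            return "not-socks5"    # reset or timeout instead of a reply
    return classify_reply(reply)


if __name__ == "__main__":
    status = probe_socks5(*TOR_BROWSER_SOCKS)
    print(f"{TOR_BROWSER_SOCKS[0]}:{TOR_BROWSER_SOCKS[1]} -> {status}")
    sys.exit(0 if status == "ok" else 1)
```

A result of `ok` only shows that a SOCKS5 listener is answering on that port; it does not show that Burp is using it or that traffic is leaving through TOR.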