Proxying BurpSuite through TOR

From time to time I have the need to test or verify a web application vulnerability through the TOR network using BurpSuite. The easiest way to do this to use the pre-bundled TOR Browser.
Configuration is fairly easy:

  1. Download, Install and Start the TOR Browser:
    Screen Shot 2015-12-18 at 8.05.24 AM
  2. Verify that the SOCKS proxy is started on 127.0.0.1:9150
    Screen Shot 2015-12-18 at 8.06.54 AM
  3. Configure Burp (Options > Connections > Upstream Proxy Servers)
    Screen Shot 2015-12-18 at 8.09.18 AM
  4. Then…

    (Legally with proper permission of course!)

Pro Tips:
TorBrowser has to stay running while using Burp.
Verify the Proxy is still active if you have to restart Burp.
The TOR network runs slow sometimes.
Some web hosts block TOR traffic.
Dry clean only.

Site Footer