This edition of techblog is about setting up a proxy server on your machine. The tool that we are going to use for this tutorial is Burp Suite, which you can download from the official website. The only requirement is that you should have the Java Runtime Environment (JRE), or simply a Java machine, running on your system.
Why a localhost proxy?
Using a localhost proxy is the best way to analyse how TCP connections are made and how we communicate with an external server. Though there are a few other alternatives for Linux, I am going to use Burp Suite as it is cross-platform.
It allows us to see how the HTTP header information is handled by the browser and how the add-ons in the browser (say, in Firefox) communicate with the server. It enables you to check whether any of the add-ons or toolbars installed in your browser is performing some sort of spying.
The tool further helps us to manipulate the header information and see how the server reacts to the change.
How to set up the proxy?
You can download the jar file from the website and issue the following command in order to run the proxy:
java -jar /path_to_your_jar_file/file.jar
If you are on Windows, simply go to the downloaded folder and double-click on the jar file. This will start the application.
Note that the proxy uses port 8080 by default. Hence, if you already have an application running on that port, the proxy will not be functional. In my case, I was running Apache tomcat6 on that port.
Once you have successfully started the proxy (and cross-checked that the port is available for use), you can configure your browser to use the proxy. In Firefox, go to Edit -> Preferences (in Linux) or Tools -> Options (in Windows) and select the advanced options.
Then select ‘network’ from the tabs displayed and click on ‘settings’. Now you can choose ‘Manual Proxy configuration’ and enter the following details:
HTTP Proxy: localhost Port: 8080
You can perform similar steps (look for Tools -> Network settings and select Proxy from Internet options) in Chrome and Internet Explorer (IE).
If you are on Windows, you need to enable ‘running mode’ by going to the ‘proxy’ tab in the application. That’s it!
Analysing the header information
From now on, when you try to connect to a website, the browser will send the request to the proxy, which will then forward it to the server. For example, here is the header information sent by the browser when I tried to connect to this website.
GET / HTTP/1.1
Host: techblog.aasisvinayak.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.1.8) Gecko/20100202 Firefox/3.5.8 (.NET CLR 3.5.30729)
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Proxy-Connection: keep-alive
Cookie: —edited————–
If-Modified-Since: Thu, 04 Mar 2010 23:13:44 GMT
Cache-Control: max-age=0
You can decide if you want to forward the request or block it (you can do the same by clicking on the corresponding buttons in the application).
The interesting feature is that the tool allows you to edit the header information sent and received. For example, here (see the picture shown below) I am editing the name of my operating system from ‘Ubuntu’ to a custom name. In this way, you can hide or manipulate the information sent to the server.
Similarly, if you send any information using the POST method, then you can see and edit the parameters directly from the proxy (just like you edit them in the URL, when you use the GET method).
The proxy server also offers a good GUI with which you can easily find and edit the parameters.
If you wish to perform more advanced tasks, you can define your own target scope, say, if you want to monitor only a particular protocol, connections to/from certain ports, and so on. It also allows you to exclude a set of URLs by adding them to a list.
This can be used as a passive monitoring tool as well. All you need to do is turn off the intercept option. The traffic will still flow through the proxy, which will automatically forward all the requests and display all the header information, which you can use to monitor the traffic.
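To review what a captured request discloses without reading every header by eye, the following added example (not part of the original post and not Burp Suite code) parses a raw request, lists the client details it reveals, and rewrites one header the way the proxy lets you do by hand. The request is an abridged copy of the one shown above with a constructed cookie placeholder; the function names are hypothetical.

```python
import re

# Abridged copy of the request shown in the article; the cookie value is a
# constructed placeholder because the original was edited out.
RAW = (
    "GET / HTTP/1.1\r\n"
    "Host: techblog.aasisvinayak.com\r\n"
    "User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.1.8) "
    "Gecko/20100202 Firefox/3.5.8 (.NET CLR 3.5.30729)\r\n"
    "Accept-Language: en-us,en;q=0.5\r\n"
    "Proxy-Connection: keep-alive\r\n"
    "Cookie: session=PLACEHOLDER\r\n"
    "\r\n"
)

def parse_request(raw):
    """Split a raw HTTP/1.1 request into (request_line, [(name, value), ...])."""
    head = raw.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    headers = []
    for line in lines[1:]:
        name, sep, value = line.partition(":")  # split on the first colon only
        if not sep:
            raise ValueError("malformed header line: %r" % line)
        headers.append((name.strip(), value.strip()))
    return lines[0], headers

def disclosures(headers):
    """List the headers (and User-Agent comment tokens) that describe the client."""
    by_name = {k.lower(): v for k, v in headers}  # header names are case-insensitive
    found = []
    for comment in re.findall(r"\(([^)]*)\)", by_name.get("user-agent", "")):
        found.append(("User-Agent", [t.strip() for t in comment.split(";")]))
    for name in ("Cookie", "Accept-Language", "Referer"):
        if name.lower() in by_name:
            found.append((name, [by_name[name.lower()]]))
    return found

def rewrite(raw, name, new_value):
    """Replace one header value and re-serialise the request."""
    request_line, headers = parse_request(raw)
    out = [(k, new_value if k.lower() == name.lower() else v) for k, v in headers]
    return request_line + "\r\n" + "".join("%s: %s\r\n" % h for h in out) + "\r\n"

if __name__ == "__main__":
    for header, tokens in disclosures(parse_request(RAW)[1]):
        print(header, "->", tokens)
```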



