TL;DR
Route traffic from a device that isn’t proxy-aware through Burp by using SSH tunneling. This guide shows you how to set up an SSH tunnel as a SOCKS proxy for Burp.
Setting Up the SSH Tunnel
- Find Your Server’s IP Address: You’ll need the public IP address of your server (the machine running Burp). If you don’t know it, you can use a service like WhatIsMyIP.
- Connect via SSH: Use an SSH client (like PuTTY on Windows or the built-in `ssh` command on macOS/Linux) to connect to your server.
  `ssh username@server_ip_address`
- Create the SOCKS Proxy Tunnel: Once connected, create an SSH tunnel that forwards traffic as a SOCKS proxy. Replace `local_port` with a port number on your local machine (e.g., 1080) and `server_ip_address` with your server’s IP address.
  `ssh -D local_port username@server_ip_address`
- Configure Burp Proxy: In Burp Suite, go to the ‘Proxy’ tab → ‘Options’.
  - Select the ‘Proxy Listeners’ sub-tab.
  - Add a new listener.
  - Set the ‘Bind address’ to 127.0.0.1 (localhost).
  - Set the ‘Port’ to the same `local_port` you used in the SSH tunnel command.
Configuring Your Device
- Configure System-Wide Proxy: On your non-proxy-aware device, configure its network settings to use a SOCKS proxy.
  - SOCKS Host: 127.0.0.1 (localhost)
  - Port: The same `local_port` you used in the SSH tunnel and Burp configuration.
  - Proxy Type: SOCKS5 is generally preferred, but SOCKS4 might work if SOCKS5 isn’t supported.
- Test the Connection: Open your device’s web browser and visit a website. Check Burp Suite to see if the traffic is being intercepted.
Troubleshooting
- Firewall Issues: Ensure that your server’s firewall allows connections on port 22 (SSH) and any other ports required by Burp.
- SSH Configuration: Check your SSH server configuration (`/etc/ssh/sshd_config`) to ensure it allows TCP forwarding. Look for the `AllowTcpForwarding` directive; it should be set to ‘yes’.
- Burp Listener Binding: Make sure Burp is listening on the correct interface (127.0.0.1) and port.
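The `AllowTcpForwarding` check from the troubleshooting list, as an added shell example that is not part of the original guide: it reads `sshd_config` text and reports whether the `ssh -D` tunnel would be permitted. The function names and sample configs are constructed for illustration, and only the global section of a single file is evaluated (no `Include` files, no `Match` blocks).

```shell
#!/bin/sh
# Added example (not from the original guide): decide whether an sshd_config
# permits the `ssh -D` SOCKS tunnel. Config text is read on stdin.
# Assumptions: only the global section of one file is evaluated;
# Include files and per-user Match blocks are not followed.

effective_tcp_forwarding() {
    awk '
        { gsub(/=/, " ") }                  # accept "Keyword=value" too
        /^[ \t]*(#|$)/ { next }             # skip comments and blank lines
        {
            key = tolower($1)               # keywords are case-insensitive
            if (key == "match") exit        # global section ends here
            if (key == "allowtcpforwarding") {
                print tolower($2); found = 1; exit   # first value wins
            }
        }
        END { if (!found) print "yes" }     # sshd default when unset
    '
}

# -D opens the same client-to-server channels as -L, so "local" is enough.
allows_dynamic_forward() {
    case "$(effective_tcp_forwarding)" in
        yes|all|local) return 0 ;;
        *)             return 1 ;;
    esac
}

# Constructed sample configs, one directive per argument.
sample_unset()   { printf '%s\n' 'Port 22' '#AllowTcpForwarding no'; }
sample_blocked() { printf '%s\n' 'AllowTcpForwarding no' 'AllowTcpForwarding yes'; }
sample_local()   { printf '%s\n' 'allowtcpforwarding=local' 'X11Forwarding no'; }
sample_match()   { printf '%s\n' 'PermitRootLogin no' 'Match User audit' \
                                 '    AllowTcpForwarding no'; }

for s in sample_unset sample_blocked sample_local sample_match; do
    if "$s" | allows_dynamic_forward; then
        verdict="tunnel allowed"
    else
        verdict="tunnel refused"
    fi
    echo "$s: AllowTcpForwarding=$("$s" | effective_tcp_forwarding) -> $verdict"
done
```

On a real server, pipe the file in with `effective_tcp_forwarding < /etc/ssh/sshd_config`; `sshd -T` prints the configuration the daemon actually resolves, including `Include` files.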

