Burp Suite TLS Connection: What’s Happening?

TL;DR

Burp Suite initiating a TLS connection to your IP address on port 443 usually means you are testing a web application that is hosted on your machine or network. Burp acts as a proxy, intercepting and allowing you to inspect the traffic between your browser and the server.

Understanding What’s Going On

Burp Suite is a powerful tool for web application security testing. When it connects to port 443 on your IP address, it’s attempting to establish a secure (HTTPS) connection with a web server running there. Here’s a breakdown of why this happens and what you should know:

Steps to Investigate & Confirm

1. Confirm You’re Running a Web Server: The most common reason for this is that you have a web server (like Apache, Nginx, IIS, or even a development server like Python’s SimpleHTTPServer) running on your machine. Check if any such servers are active.
   • Linux/macOS: Use commands like netstat -tulnp or ss -tulnp to list listening ports and associated processes.
   • Windows: Open the Task Manager, go to the ‘Services’ tab, and look for web server services (e.g., World Wide Web Publishing Service). You can also use netstat -ano | findstr :443 in Command Prompt.
2. Check Burp Suite Configuration: Verify your Burp Suite proxy settings.
   • Open Burp Suite and go to ‘Proxy’ → ‘Options’.
   • Ensure the ‘Listener’ is configured correctly. The default usually listens on 127.0.0.1 (localhost) port 8080, but you might have changed it.
   • Confirm your browser is configured to use Burp Suite as its proxy (usually localhost:8080).
3. Browser Proxy Settings: Double-check that your web browser is actually using Burp Suite as a proxy.
   • Chrome/Edge: Go to ‘Settings’ → ‘System’ → ‘Proxy settings’. Ensure the manual proxy configuration points to Burp Suite’s listener address and port.
   • Firefox: Go to ‘Preferences’ → ‘General’ → ‘Network Settings’ → ‘Settings…’. Ensure Firefox is using a manual proxy configuration pointing to Burp Suite.
4. Inspect the Traffic in Burp Suite: Look at the ‘Proxy’ tab in Burp Suite.
   • You should see HTTP(S) requests appearing as you browse websites. If you’re testing a local server, browsing to https://localhost or your machine’s IP address should generate traffic.
   • If the connection is failing, check Burp Suite’s ‘Intercept’ tab – it might be blocking the request.
5. SSL Certificate Issues: If you are using a self-signed certificate on your local server, Burp Suite may need to trust that certificate.
   • Go to ‘Proxy’ → ‘Options’ → ‘HTTPS’.
   • Import the certificate of your web server into Burp Suite’s trusted store.

Possible Scenarios

• Local Development: You are testing a web application you’re building on your local machine.
• Penetration Testing: You’re performing security tests against a web server hosted on your network.
• Debugging: You’re using Burp Suite to debug HTTP(S) traffic between your browser and a server.