Using BurpSuite with TOR for Anonymously Penetration Testing

Introduction

The Tor Browser is the official web browser of the Tor Project. Its design focuses on allowing the user to browse the web with a high level of anonymity.

The Tor Browser is primarily a modified Firefox browser. It uses Tor Launcher software to connect to the anonymous Tor network and NoScript and HTTPS Everywhere Firefox extensions to ensure connections are encrypted and no JavaScript is running.
While browsing the Internet with the Tor Browser, a user can be relatively certain that no identifying information will be passed to the web sites they are connecting to; including the IP Address and the MAC address of their computer. Versions of the Tor Browser are available for the OS X, Windows, and Linux operating systems.

Burp Suite is an integrated platform for performing security testing of web applications. Its various tools work seamlessly together to support the entire testing process, from initial mapping and analysis of an application’s attack surface, through to finding and exploiting security vulnerabilities.

Burp gives you full control, letting you combine advanced manual techniques with state-of-the-art automation, to make your work faster, more effective, and more fun.

Usage

  1. Installing Tor and start Tor service
  2. Make sure that the SOCKS proxy is started on 127.0.0.1:9050
  3.  Configure Burp (Users Options > Connections > SOCK Proxy)
  4. Enjoy!

https://www.youtube.com/watch?v=MPCCvcf_LX4