Understanding the Burp Suite Proxy: The Feature That Changes How You See Websites(#3)

You open a browser.

Visit a website.

Click a button.

Get a response.

End of story.

Or is it?

What if I told you that every click, login, search, and purchase creates a conversation between your browser and a server?

And what if you could pause that conversation, inspect it, modify it, and then decide whether to let it continue?

That's exactly what the Burp Suite Proxy does.

And once you understand it, you'll never look at websites the same way again.

The Internet Is One Giant Conversation

Imagine you're sending a letter.

Normally the process looks like this:

You
 ↓
Post Office
 ↓
Recipient

You
 ↓
Post Office
 ↓
Recipient

The letter goes directly to its destination.

You don't stop it.

You don't inspect it.

You don't modify it midway.

Web browsers work similarly.

When you visit a website:

Browser
 ↓
Website

Browser
 ↓
Website

Your browser sends requests.

The website sends responses.

Everything happens automatically.

Most users never see any of it.

What Happens When You Click Login?

Suppose you visit:

https://example.com/login

https://example.com/login

You enter:

Username: john
Password: mypassword

Username: john
Password: mypassword

And click:

Login

Login

Behind the scenes your browser might send something like:

POST /login HTTP/1.1
Host: example.com
username=john
password=mypassword

POST /login HTTP/1.1
Host: example.com
username=john
password=mypassword

The server processes it and replies:

HTTP/1.1 200 OK
Welcome John

HTTP/1.1 200 OK
Welcome John

This entire exchange happens in milliseconds.

You only see:

Login Successful

Login Successful

You never see the actual conversation.

Why Is This a Problem for Security Researchers?

Imagine trying to inspect a package after it has already been delivered.

Impossible.

The same issue exists with web traffic.

Security researchers need to know:

• What data is being sent?
• What headers exist?
• What cookies are being used?
• What APIs are being called?
• What parameters can be modified?

Without visibility, testing becomes guesswork.

Enter Burp Suite Proxy

Burp places itself between your browser and the website.

Instead of:

Browser
 ↓
Website

Browser
 ↓
Website

You now have:

Browser
 ↓
Burp Suite
 ↓
Website

Browser
 ↓
Burp Suite
 ↓
Website

Every request passes through Burp first.

Every response comes back through Burp.

Now you can see everything.

Think of Burp as a Security Checkpoint

Imagine a highway.

Normally:

Car ─────────► Destination

Car ─────────► Destination

Nobody stops the vehicle.

Nobody checks what's inside.

Now imagine a checkpoint.

Car
 ↓
Checkpoint
 ↓
Destination

Car
 ↓
Checkpoint
 ↓
Destination

The checkpoint can:

✓ Inspect

✓ Record

✓ Modify

✓ Block

✓ Allow

That's exactly what Burp does for web traffic.

A Real Example

Let's visit:

https://example.com/search

https://example.com/search

Search for:

laptop

laptop

Without Burp:

Browser
 ↓
Website

Browser
 ↓
Website

Everything happens invisibly.

With Burp:

Browser
 ↓
Burp
 ↓
Website

Browser
 ↓
Burp
 ↓
Website

Burp captures:

GET /search?q=laptop HTTP/1.1
Host: example.com

GET /search?q=laptop HTTP/1.1
Host: example.com

Now you can see the request.

But here's where things get interesting.

What If We Change the Request?

Instead of:

q=laptop

q=laptop

Change it to:

q=mobile

q=mobile

Or:

q=admin

q=admin

Or:

q=test

q=test

Then send it.

You're now actively testing how the application behaves.

This is the foundation of web application security testing.

How Burp Captures Traffic

Burp works as a Proxy Server.

By default it listens on:

127.0.0.1:8080

127.0.0.1:8080

Meaning:

IP Address : 127.0.0.1
Port       : 8080

IP Address : 127.0.0.1
Port       : 8080

127.0.0.1 means:

"This computer."

So your browser sends traffic to Burp running on your machine.

Burp then forwards the traffic to the website.

Configuring Burp with Chrome

Now let's connect Burp to a browser.

Step 1: Open Burp Suite

Launch Burp Suite.

Create:

Temporary Project

Temporary Project

Choose:

Use Burp Defaults

Use Burp Defaults

Start Burp.

Step 2: Verify Proxy Listener

Navigate to:

Proxy → Options

Proxy → Options

You should see:

127.0.0.1:8080

127.0.0.1:8080

If present, Burp is ready.

Step 3: Configure Browser Proxy

In Chrome:

Settings

↓

System

↓

Open Your Computer's Proxy Settings

Configure:

Proxy Address:
127.0.0.1
Port:
8080

Proxy Address:
127.0.0.1
Port:
8080

Save.

Now Chrome sends traffic through Burp.

Why Websites Suddenly Stop Loading

Most beginners panic here.

They configure the proxy.

Open Google.

Nothing loads.

Why?

Because Burp is intercepting traffic.

Go to:

Proxy
 ↓
Intercept

Proxy
 ↓
Intercept

You'll see:

Intercept is ON

Intercept is ON

Every request is waiting for your approval.

Click:

Forward

Forward

Traffic continues.

Mystery solved.

HTTPS Will Break Initially

Modern websites use HTTPS.

The browser expects trusted certificates.

Burp generates its own certificate to inspect encrypted traffic.

Without installing Burp's certificate you'll often see:

Your connection is not private

Your connection is not private

or

Certificate Error

Certificate Error

This is normal.

We'll cover certificate installation in detail in the next chapter.

For now just understand:

HTTPS
+
Proxy
=
Certificate Required

HTTPS
+
Proxy
=
Certificate Required

The Easier Method: Burp's Built-In Browser

Recent versions of Burp include their own browser.

This is the easiest option for beginners.

No manual proxy configuration.

No browser settings.

No confusion.

Launching Burp Browser

Inside Burp:

Proxy
 ↓
Intercept
 ↓
Open Browser

Proxy
 ↓
Intercept
 ↓
Open Browser

Or:

Proxy
 ↓
Open Browser

Proxy
 ↓
Open Browser

(depending on Burp version)

A Chromium-based browser opens automatically.

Everything is already configured.

Burp and the browser work together immediately.

Opening Websites in Burp Browser

Simply enter a URL:

https://google.com

https://google.com

or

https://portswigger.net

https://portswigger.net

Just like a normal browser.

Except now every request is visible inside Burp.

This is why many professionals use Burp Browser during assessments.

Less setup.

Fewer issues.

Faster testing.

Which Method Should Beginners Use?

Option 1:

Chrome + Manual Proxy

Chrome + Manual Proxy

Advantages:

✓ Learn how proxies actually work

✓ Understand browser configuration

✓ Better networking knowledge

Option 2:

Burp Browser

Burp Browser

Advantages:

✓ Faster setup

✓ Fewer certificate issues

✓ Beginner-friendly

Recommendation:

Start with Burp Browser.

Then later learn manual proxy configuration.

Understanding both approaches is valuable.

What the Proxy Tab Actually Does

The Proxy tab is responsible for:

✓ Capturing requests

✓ Capturing responses

✓ Viewing traffic

✓ Intercepting traffic

✓ Modifying traffic

✓ Forwarding traffic

Every other Burp tool depends on traffic first passing through the Proxy.

Which is why many professionals call it:

The heart of Burp Suite.

Common Beginner Mistakes

Forgetting Intercept Is On

Most common issue.

Traffic appears broken.

In reality Burp is waiting for you to click:

Forward

Forward

Wrong Port Number

Burp default:

8080

8080

Using the wrong port prevents communication.

Ignoring HTTPS Certificates

Without Burp's certificate:

HTTPS traffic may fail.

This is expected.

Thinking Burp Is Broken

In most cases:

Burp isn't broken.

The browser simply isn't configured correctly.

Always verify:

127.0.0.1
8080

127.0.0.1
8080

first.

Key Takeaways

✓ Browsers normally communicate directly with websites

✓ Burp inserts itself between the browser and the server

✓ This allows visibility into requests and responses

✓ Burp acts as a proxy server

✓ Default listener is 127.0.0.1:8080

✓ You can configure Chrome manually

✓ You can use Burp Browser for easier setup

✓ Every major Burp feature depends on the Proxy

✓ Understanding the Proxy is understanding Burp itself