FoxyProxy with Edge
結論 Conclusion
在平時常用的Edge瀏覽器使用攔截封包的插件FoxyProxy,對於資安健檢的工作非常方便,關鍵在於要記得將Burp產出的憑證匯入Edge瀏覽器的受信任憑證類別裡面,再搭配插件啟用開關就可以攔截封包。
The FoxyProxy extension for the Edge browser is very convenient for packet interception in security health checks. The key lies in remembering to import the credentials generated by Burp into the Edge browser’s trusted certificate category and then enabling the plugin switch to intercept packets.
問題 Question
要怎麼在1分鐘之內設定好Edge攔截封包的功能?
How can I set up packet interception in Edge within one minute?
解說 Explanation
- 下載Burp Suite Community
- Edge插件下載FoxyProxy並安裝,安裝完成記得點選always在工具列顯示,這樣就會有小狐狸標示出現在瀏覽器上方。
- FoxyProxy點選「選項(Option)」,切換至「Proxies」頁籤點選「新建(Create)」,填入「標題(如Burp)、Hostname(如127.0.0.1)、 連接埠Port(如8080)」,確定新建。
- 使用Burp Suite切換到頁籤「Proxy」,點選齒輪「Proxy settings」,點擊「Import/export CA certificate」,點選「Certificate in DER format」,點選右下角「Next」,先按「Select file」選擇要儲存憑證的資料夾位址,幫憑證輸入名稱及副檔名der,如「Burp.der」,點選右下角「Next」。
- 回到Edge瀏覽器插入剛才憑證,點選瀏覽器右上角的3個圓點點,點擊設定,點擊左邊「隱私權、搜尋與服務」,下拉頁面至「安全性」,點選「管理憑證」,切換到「受信任的跟憑證授權單位」,點擊左下角的「匯入」,匯入剛才新增的憑證「Burp.der」,右下角記得點選「所有檔案*.*」,才看得到憑證,點擊後匯入,在原本受信任憑證的選單下拉至P開頭,就會看到Burp憑證「PortSwigger CA」,這樣就代表憑證匯入成功(photo 1)。
- 回到Burp Suite頁籤「Proxy」,切換到「Intercept」,點擊「Intercept is off」切換為「Intercept is on」。
- 再回到Edge瀏覽起點擊右上角剛才安裝的FoxyProxy(小狐狸圖示),點選新增的Burp攔截封包,此時連線到要擷取封包的網頁按下enter就可以成功在Burp Suite看到剛才攔截的封包(photo 2)。
- Download Burp Suite Community
- Install FoxyProxy Extension for Edge
— Go to the [FoxyProxy extension page]
— Click “Get” to install the extension.
— After installation, click “Always show” in the toolbar settings. This will display the little fox icon at the top of your browser. - Configure FoxyProxy
— Click the FoxyProxy icon.
— Switch to the “Proxies” tab and click “New.”
— Fill in the details:
— Title (e.g., “Burp”)
— Hostname (e.g., “127.0.0.1”)
— Port (e.g., “8080”)
— Confirm the new proxy configuration. - Configure Burp Suite
— Open Burp Suite and switch to the “Proxy” tab.
— Click the gear icon for “Proxy settings.”
— Click “Import/export CA certificate.”
— Choose “Certificate in DER format.”
— Click “Next” and select the folder where you want to save the certificate.
— Name the certificate (e.g., “Burp.der”).
— Click “Next.” - Import the Certificate into Edge
— In the Edge browser, click the three dots in the upper right corner.
— Go to Settings.
— On the left, navigate to “Privacy, search, and services.”
— Scroll down to “Security.”
— Click “Manage certificates.”
— Switch to the “Trusted Root Certification Authorities” tab.
— Click “Import” in the lower left corner.
— Import the certificate you created earlier (“Burp.der”).
— Make sure to select “All files (*.*)” to see the certificate.
— Click “Import.”
— You should see the “PortSwigger CA” certificate under trusted certificates (photo 1). - Enable Intercept in Burp Suite
— Go back to Burp Suite and switch to the “Intercept” tab.
— Click “Intercept is off” to switch it to “Intercept is on.” - Test Packet Capture
— Return to the Edge browser.
— Click the FoxyProxy icon (the little fox) you installed earlier.
— Select the newly created Burp intercept profile.
— Now, when you navigate to a webpage, press Enter, and you’ll see the intercepted packets in Burp Suite (photo 2).
有任何認知不正確的部分歡迎與小弟討論,感謝。
If there are any inaccuracies in my understanding, I welcome a discussion to correct them. Thank you.
備註:本文章及本部落格內容僅供教學參考使用,請勿侵犯著作權,切勿使用於違法意圖及手段。
Note: This article and the content within this blog are for educational reference purposes only. Please refrain from infringing upon copyrights and avoid using them for illegal intentions or means.
