Are you using Burp inside a network that uses a Proxy Auto-Config (PAC) script to dynamically determine which upstream proxies to use for some given host or hosts?
Are you lazy and just want an extension to figure this out auto-magically, without any user interaction?
Well then, the Burp Proxy Auto-Config (PAC) extension is for you! It automatically configures Burp's project-level upstream proxies based on the desktop environment. It uses proxy-vole, which has built-in support for PAC scripts and also supports Java properties and environment variables.
Q: I installed the extension but don't see anything to configure! How do I configure it?
A: Currently, there's nothing to configure! Once enabled, it automatically adds upstream proxies. Don't like that? Unload and/or remove the extension. Once unloaded, it should remove those upstream proxies it added, and only those.
Q: Will this extension screw up my other extensions?
A: Hopefully not! If you suspect something, please file an issue.
Q: How can I troubleshoot an upstream proxy issue that this extension might be causing?
A: Once Feature #2 is implemented, there will be a UI to aid in troubleshooting. Otherwise, manually inspecting the project-level upstream proxies should also help.
Q: Does this extension mess with my Burp settings?
A: Yes, by design it modifies the current project-level settings to add upstream proxies. It will also automatically enable "Project options" → "Upstream Proxy Servers" → "Override user options" due to limitations in the Burp Extender API. It currently does not reset this value.
Similarities to the "Proxy PAC" extension:
- Both extensions use a library that evaluates the JavaScript PAC file within a Rhino ScriptEngine. However, this extension uses the newer version of proxy-vole, while "Proxy PAC" uses an older, unsupported version.
Differences:
- The "Proxy PAC" extension is written in Python and executed via Jython. This extension is written in Java.
- "Proxy PAC" starts a local web proxy in another thread, and the user manually configures Burp to use it. That local proxy then opens a client connection to the appropriate upstream proxy server, which adds network latency to every request. This extension does not start a local web server. Instead, it automatically adds per-host upstream proxy servers to Burp's project-level configuration, and Burp makes the upstream request directly.
- "Proxy PAC" does not seem to have any test case coverage, which makes modifications more challenging #yolo. This extension has some test case coverage.
This plugin assumes the following are trusted sources of proxy information:
- Java proxy settings configured when Burp was launched
- Desktop proxy settings, including any configured proxy auto-configuration scripts
- Certain environment variables
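
Because a PAC script is code that decides where traffic goes, it helps to see what a PAC answer turns into. The following is an added example, not code from this extension or from proxy-vole: it evaluates a constructed PAC script for a few hosts, parses the returned proxy list, builds per-host upstream proxy rows, and flags rows that point at a proxy the operator did not expect. The row field names are modelled on Burp's project options JSON as an assumption, the hosts are placeholders, and taking only the first PAC entry is a simplification made here.

```javascript
// Constructed sample PAC script; hosts are placeholders, not from any real network.
const SAMPLE_PAC = `
function FindProxyForURL(url, host) {
  if (host === "localhost" || host.endsWith(".corp.example")) return "DIRECT";
  if (host.endsWith(".partner.example")) return "SOCKS5 socks.corp.example:1080; DIRECT";
  return "PROXY proxy-a.corp.example:8080; PROXY proxy-b.corp.example:8080";
}`;

// Parse a PAC return value such as "PROXY a:8080; DIRECT" into ordered entries.
function parsePacResult(result) {
  return String(result).split(";").map((s) => s.trim()).filter(Boolean).map((entry) => {
    const [kind, hostPort = ""] = entry.split(/\s+/);
    const type = kind.toUpperCase();
    if (type === "DIRECT") return { type };
    const m = /^([A-Za-z0-9.-]+):(\d{1,5})$/.exec(hostPort);
    if (!m || Number(m[2]) < 1 || Number(m[2]) > 65535) {
      throw new Error(`malformed PAC entry: ${entry}`);
    }
    return { type, host: m[1].toLowerCase(), port: Number(m[2]) };
  });
}

// Evaluate the PAC for each target host and build one upstream-proxy row per host.
// Row field names follow Burp's project options JSON export as an assumption.
// new Function runs the PAC as ordinary code: acceptable for this constructed
// sample only; a PAC fetched from the network needs a sandboxed evaluator.
function buildUpstreamServers(pacSource, targets) {
  const findProxy = new Function(`${pacSource}\nreturn FindProxyForURL;`)();
  const servers = [], skipped = [];
  for (const host of targets) {
    const first = parsePacResult(findProxy(`https://${host}/`, host))[0];
    if (!first || first.type === "DIRECT") continue; // no upstream proxy needed
    if (first.type !== "PROXY") { skipped.push({ host, type: first.type }); continue; }
    servers.push({ destination_host: host, enabled: true, proxy_host: first.host,
      proxy_port: first.port, authentication_type: "none" });
  }
  return { servers, skipped };
}

// Review step: list rows whose proxy is not one the operator expects.
function unexpectedProxies(servers, allowed) {
  return servers.filter((s) => !allowed.includes(`${s.proxy_host}:${s.proxy_port}`));
}

const TARGETS = ["app.corp.example", "api.partner.example", "www.example.org"];
const result = buildUpstreamServers(SAMPLE_PAC, TARGETS);
console.log(JSON.stringify(result, null, 2));
console.log(unexpectedProxies(result.servers, ["proxy-b.corp.example:8080"]));
```

Comparing the generated rows against a short list of expected proxies is a quick way to check the trust assumptions listed above when troubleshooting.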