How Burp Suite and Firefox Work Together
Setting up Burp Suite with Firefox lets you inspect, modify, and replay web traffic in a controlled testing environment.
This setup is essential for web application security testing, especially when you need to review HTTP requests, analyze cookies, or troubleshoot client-side behavior.
The basic idea is simple: Firefox sends its traffic through Burp Suite acting as a local proxy.
Burp then captures the requests and responses, allowing you to study how a site behaves and identify security issues such as weak input handling, missing security headers, or insecure session management.
What You Need Before You Start
Before configuring anything, make sure you have the right tools and permissions.
Burp Suite is available from PortSwigger, and Firefox should be installed and updated to a current stable release.
- Burp Suite Community Edition or Burp Suite Professional
- Mozilla Firefox desktop browser
- Permission to test the target application
- A local system where Burp can listen on a proxy port, usually 127.0.0.1:8080
If you plan to intercept HTTPS traffic, you will also need to install Burp’s CA certificate into Firefox so the browser trusts Burp’s generated certificates.
How to Set Up Burp Suite with Firefox
1. Start Burp Suite and confirm the proxy listener
Open Burp Suite and go to the Proxy section.
Burp typically listens on 127.0.0.1:8080 by default, but you should verify the listener in the Proxy settings before changing browser configuration.
If the listener is not active, enable it or create a new one.
Use a loopback address such as 127.0.0.1 so only your local machine connects to Burp unless you intentionally need a different setup.
2. Configure Firefox to use Burp as its proxy
In Firefox, open the browser settings and search for Network Settings.
Select Manual proxy configuration and enter the Burp listener details.
- HTTP Proxy: 127.0.0.1
- Port: 8080
- HTTPS Proxy: 127.0.0.1
- Port: 8080
Make sure the option to use this proxy for all protocols is enabled if available.
This ensures that both HTTP and HTTPS traffic routes through Burp.
3. Test the proxy connection
After saving the proxy settings, visit any website in Firefox while Burp’s Intercept or HTTP history tabs are open.
If the setup is correct, you should see the request appear in Burp immediately.
At this stage, HTTP traffic may work right away, but HTTPS sites will often show certificate warnings until Burp’s certificate is trusted by Firefox.
That is expected and fixable.
Install the Burp CA Certificate in Firefox
To inspect HTTPS traffic without browser errors, Firefox must trust Burp’s certificate authority.
Burp creates a local CA that signs certificates on the fly for the sites you visit.
Download the CA certificate from Burp
In Burp Suite, open the built-in browser or visit http://burp from Firefox while the proxy is active.
Download the CA certificate file from the Burp certificate page.
Import the certificate into Firefox
In Firefox settings, search for Certificates and open the certificate management area.
Import the Burp CA certificate and trust it for identifying websites.
This step allows Firefox to accept Burp-generated certificates, which is what makes HTTPS interception possible.
Without it, Firefox will block or warn on secure connections.
Verify HTTPS Interception
Once the CA certificate is installed, revisit an HTTPS site such as a login page or a modern web app.
You should now see the traffic in Burp without certificate warnings.
Check the following in Burp Suite:
- Proxy > HTTP history shows requests and responses
- Intercept can pause and modify requests before forwarding
- Target site map begins building automatically from visited URLs
If HTTPS still fails, confirm that Firefox is using the correct proxy, the Burp listener is active, and the certificate was imported into the correct Firefox profile.
Useful Firefox Settings for Burp Testing
Firefox offers a few options that make Burp testing more stable and predictable.
Use a dedicated browser profile
A separate Firefox profile keeps security testing isolated from personal browsing.
It also makes it easier to manage proxy settings, certificates, and extensions without affecting your main profile.
Disable conflicting extensions
Privacy or security extensions can interfere with intercepted traffic, alter headers, block scripts, or change page behavior.
Disable unnecessary add-ons when testing to reduce noise.
Check DNS and system proxy behavior
Some environments resolve DNS outside the proxy, while others may use system-wide proxy settings.
If a request does not appear in Burp, verify that Firefox is not bypassing the manual proxy configuration through another network rule or extension.
Common Problems When Using Burp Suite with Firefox
Firefox shows certificate errors
This usually means the Burp CA certificate is missing, not trusted, or installed in the wrong Firefox profile.
Re-import the certificate and ensure it is marked to trust websites.
Requests do not appear in Burp
Check whether Firefox is actually using the proxy settings you configured.
Also confirm that Burp is listening on the same IP address and port entered in Firefox.
Pages load slowly or not at all
Burp may be set to intercept requests and waiting for you to forward them.
Turn off interception when you want normal browsing, or inspect the action buttons in the Proxy tab to continue the request flow.
Some content loads, but not all
Modern web apps often use APIs, WebSockets, and subresource requests.
Make sure the traffic is not being filtered by browser extensions, mixed proxy rules, or a misconfigured listener scope in Burp.
Best Practices for Efficient Web Testing
Once you know how to set up Burp Suite with Firefox, a few habits will make your workflow faster and cleaner.
- Use Scope rules to focus on your target application
- Keep Intercept off unless you need to modify traffic
- Organize work with separate Firefox profiles for different projects
- Review site map, headers, parameters, and cookies systematically
- Capture authenticated and unauthenticated flows to compare behavior
These practices help you work like a web application security tester instead of just a passive observer.
They also reduce the chance of missing important requests buried in noisy traffic.
When This Setup Is Most Useful
This configuration is especially valuable during penetration testing, bug bounty research, secure development, and troubleshooting authentication workflows.
Burp Suite and Firefox together provide a practical view of how browsers communicate with APIs, identity providers, and application servers.
It is also a strong starting point for testing common issues such as CSRF defenses, insecure cookies, open redirects, parameter tampering, and client-side validation flaws.
Quick Setup Checklist
- Install Burp Suite and Firefox
- Confirm Burp’s proxy listener is active on 127.0.0.1:8080
- Set Firefox to use the manual proxy
- Download Burp’s CA certificate
- Import and trust the certificate in Firefox
- Verify HTTP and HTTPS traffic appears in Burp
- Use a dedicated profile and scope rules for cleaner testing