June 2011

'Invisible Intercept' Function of Burp

The little used 'invisible intercept' function in Burp can be useful if testing basic client applications that do not support proxy settings, or in the case of the test I was on this week, to intercept Flash applications (that do not honour proxy settings in Chrome). Unfortunately there is little information on how to actually force your [locally generated] traffic through the proxy using iptables.

How to Detect Transparent Proxies

Ever wondered if your web traffic is being silently intercepted by a transparent proxy? Chances are if you are running on mobile broadband your provider will be saving bandwidth, by rerouting your traffic to cache content and perform image compression. You may come across transparent proxies used for logging purposes, AUP enforcement and sometimes evil (http://www.ex-parrot.com/pete/upside-down-ternet.html - the old trick of inverting all images on a web page).