Quick Answer: To block HTTP/HTTPS traffic using Burp Suiteyou need to install Burp, configure the browser to use a proxy 127.0.0.1:8080then install the certificate Burp CA into the browser. When the feature is enabled Interceptevery request from the browser will go through Burp before reaching the server, allowing you to view and edit data.

When working with Web Securityobserving and editing HTTP requests is an extremely important skill. This is how security experts detect vulnerabilities such as SQL Injection, XSS, Authentication Bypass or debug API.

One of the most popular tools today is Burp Suite – web security testing toolkit by PortSwigger develop.

In this article, AnonyViet will guide you how to set up Burp Suite to:

• Block all web traffic from browsers
• Analyze HTTP request/response
• Decrypt HTTPS traffic with TLS Certificate

What is Burp Suite?

Burp Suite (often referred to as Burp) is a graphical tool that helps test Web application security.

It works like one intermediary proxy (MITM – Man in the Middle) between browser and server. When the request goes through Burp, you can:

• View all HTTP requests
• Edit parameters
• Header analysis
• Replay request
• API security testing

Burp Suite has many versions:

• Community Edition – free of charge
• Professional – for pentester
• Enterprise – large-scale security testing

This article uses version Community Edition.

What we will do

To block traffic with Burp Suite, you will take 3 main steps:

1. Download and install Burp Suite
2. Configure the browser to use Burp’s proxy
3. Install a TLS certificate to block HTTPS

Step 1: Download and install Burp Suite

You can download Burp Suite Community at PortSwigger’s official site:

https://portswigger.net/burp/communitydownload

Note:

• Burp Suite requests Java Runtime
• Supports Windows, Linux and macOS

After installing and opening Burp Suite, you will see the project initialization interface:

If you don’t want to save the project:

• Press Next
• Then choose Start Burp

The main interface of Burp Suite will appear:

Step 2: Configure Proxy for the browser

In order for Burp to block requests, the browser must send traffic through Burp’s proxy.

In this example I use Firefox.

Open settings:

about:preferences#general

Scroll down to the section Network Settings and press Settings.

Set up the proxy as follows:

• Manual proxy configuration
• HTTP Proxy: 127.0.0.1
• Port: 8080
• Tick Use this proxy for all protocols

Then press OK.

Now all browser traffic will go through Burp.

Check out Burp’s Proxy Listener

Open Burp Suite:

Make sure the Proxy Listener is:

• Host: 127.0.0.1
• Port: 8080
• Status: Running

Test blocking HTTP traffic

Access the simple HTTP page:

http://neverssl.com

Burp will block the request and display it in the tab Intercept.

You can:

• See header
• Edit parameters
• Forward requests
• Drop requests

Why does HTTPS fail TLS?

When accessing an HTTPS site like:

https://google.com

You will see a TLS error.

Reason:

• HTTPS encrypts data using TLS
• Burp is in the middle (MITM)
• The browser does not trust Burp’s certificate

Therefore we need to install Burp’s CA certificate.

Step 3: Install Burp CA certificate to block HTTPS

Open a browser and access:

http://burp/

Press CA Certificate.

Save the certificate file.

Next open:

about:preferences

Search Certificates.

Select:

• View Certificates
• Authorities
• Import

Select the Burp certificate file you just downloaded.

Tick ​​both options:

• Trust this CA to identify websites
• Trust this CA to identify email users

Press OK.

You can now block HTTPS without TLS errors.

How Burp Suite blocks requests

Open:

Proxy → Intercept

When turned on Intercept is ON:

• Request stops at Burp
• You can edit the data
• Then press Forward

For example, when logging into a website:

You will see:

• HTTP headers
• Cookies
• POST data
• Tokens

Edit request parameters

Switch tabs Params.

Here you can:

• Edit value
• Add parameters
• Delete parameters

This is how the pentester checks the server’s logic.

View full request history

To see all requests:

Proxy → HTTP History

You will see:

• List of requests
• Status code
• Domain
• Method (GET/POST)

Very useful when analyzing APIs or debugging web apps.

Actual use-case in Vietnam

Burp Suite is often used to:

• Analyze mobile app API
• Debug website requests
• Reverse engineer web service
• Web security testing

Many classmates Bug Bounty or Web Pentest all start with Burp.

If you are new to web security, you should combine it with a practice platform such as:

• TryHackMe
• PortSwigger Web Security Academy

Common errors when using Burp Suite

1. Cannot block requests

The cause is usually due to:

• Proxy is not configured correctly
• Wrong port
• Listener is not running

2. HTTPS fails TLS

The Burp CA certificate has not been installed in the browser.

3. Website does not load

Because Intercept is on but you have not forwarded the request yet.

FAQ – Frequently asked questions

Is Burp Suite free?

Have. Burp Suite Community Edition is free but some advanced features are only available in the Professional version.

Is Burp Suite used for hacking?

Burp Suite is a legitimate security testing tool. It is used by pentesters and security experts to detect vulnerabilities.

Is Java needed to run Burp Suite?

New versions have integrated runtime, but some older versions still require Java.

Which browser should I use with Burp?

Firefox is often used because it is easy to configure proxies and certificates.

Burp Suite setup checklist

• Install Burp Suite Community
• Proxy configuration 127.0.0.1:8080
• Check Proxy Listener
• Download Burp CA certificate
• Import into Firefox
• Turn on Intercept
• Analyze request/response

Conclude

Burp Suite is an extremely important tool in the field Web Security. Knowing how to intercept and analyze HTTP/HTTPS traffic helps you understand how web applications work and detect security issues.

If you are studying Pentest, Bug Bounty or API analysis, mastery of Burp Suite is an almost mandatory skill.

In the next articles, AnonyViet will provide further instructions on:

• Repeater
• Intruder
• Burp automation
• Exploit real web vulnerabilities

Reference source

• PortSwigger Web Security Academy
• TryHackMe
• Burp Suite Official Document