
Proxy Integration

Traffic can be routed through an intercepting proxy (Burp Suite Pro or Caido) for manual inspection, replay, and analysis. The --proxy flag on /pentest enables this globally for all tools and phases.


Supported Proxies

Burp Suite Pro + burp-ai-agent

Burp Suite Professional with the AI agent extension provides 53 MCP tools for automated interaction with Burp's scanner, repeater, intruder, and other modules.

Caido + caido-mode

Caido with its automation mode provides 47 CLI commands for programmatic control of the proxy, replay, and analysis features.


The --proxy Flag

Usage

# Route all traffic through Burp Suite or Caido (both listen on 127.0.0.1:8080 by default)
/pentest https://target.com --proxy 127.0.0.1:8080

# Combine with other flags
/pentest https://target.com --proxy 127.0.0.1:8080 --fast
/pentest https://target.com --proxy 127.0.0.1:8080 --bug-bounty

What Happens

  1. The proxy address is stored in context.json under proxy.fixed_proxy
  2. Every skill reads this value at startup via the shared boilerplate
  3. All HTTP requests -- from stealth_curl(), tool invocations, and Python scripts -- are routed through the proxy
  4. TLS verification is disabled (-k / --insecure) so the proxy can intercept HTTPS traffic with its own CA certificate. This turns off certificate validation in every client, so certificate and TLS-configuration problems on the target are no longer reported by the tools themselves and must be checked separately

context.json Entry

{
  "proxy": {
    "fixed_proxy": "127.0.0.1:8080"
  }
}

How Traffic Is Routed

The shared boilerplate loads the proxy setting and applies it to all requests:

PENTEST_PROXY=""
if [ -f "${EDIR:-.}/context.json" ]; then
    # Read proxy.fixed_proxy. The Python source must be left-aligned (an indented
    # first line under python3 -c raises IndentationError), so it is passed via a
    # quoted heredoc with the path as an argument instead of interpolated text.
    PENTEST_PROXY=$(python3 - "${EDIR:-.}/context.json" <<'PY'
import json, sys
try:
    with open(sys.argv[1]) as f:
        ctx = json.load(f)
    print(ctx.get('proxy', {}).get('fixed_proxy', ''))
except (OSError, ValueError) as e:
    sys.stderr.write(f"context.json: could not read proxy setting: {e}\n")
PY
)
fi

When PENTEST_PROXY is set, stealth_curl() automatically adds:

--proxy http://$PENTEST_PROXY -k

The -k flag disables TLS certificate verification, which is necessary because the proxy re-signs every HTTPS response with its own CA certificate. If you would rather keep verification on, export the proxy's CA certificate and point the tools at it instead (for curl, --cacert burp-ca.pem in place of -k); the trade-off is that every tool, including those inside the container, then needs access to that file.


Per-Tool Proxy Flags

When a fixed proxy is configured, each tool receives its appropriate proxy flag:

Tool                  Proxy flag
curl / stealth_curl   --proxy http://$PENTEST_PROXY -k
nuclei                -proxy http://$PENTEST_PROXY
sqlmap                --proxy=http://$PENTEST_PROXY
ffuf                  -x http://$PENTEST_PROXY
httpx                 -http-proxy http://$PENTEST_PROXY
katana                -proxy http://$PENTEST_PROXY
dalfox                --proxy http://$PENTEST_PROXY
arjun                 --proxy http://$PENTEST_PROXY
nikto                 -useproxy http://$PENTEST_PROXY

Proxy Rotation

When no --proxy flag is set, the suite supports optional proxy rotation via proxies.txt at the project root. This rotates source IPs every N requests to evade IP-based rate limiting.

Fixed Proxy Overrides Rotation

When --proxy is set, proxy rotation is completely disabled. All traffic goes through the single fixed proxy.

proxies.txt Format

# One proxy per line. Supports HTTP, HTTPS, SOCKS5
http://proxy1.example.com:8080
https://proxy2.example.com:8443
socks5://proxy3.example.com:1080
# Residential proxies (best for WAF evasion)
http://user:pass@residential.proxy.io:9000

Rotation Behavior

PROXY_ROTATE_EVERY=10  # Rotate every 10 requests

The get_next_proxy() function in the shared boilerplate walks proxies.txt sequentially, moving to the next entry every PROXY_ROTATE_EVERY requests (10 by default) and wrapping around to the first entry after the last. The stealth_curl_proxied() wrapper applies the current proxy automatically.
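The rotation logic described above, written out as an added example rather than the suite's own boilerplate: a POSIX-sh get_next_proxy() and stealth_curl_proxied() that read proxies.txt, skip comment and blank lines, advance to the next entry every PROXY_ROTATE_EVERY requests, wrap around at the end of the list, and let a fixed PENTEST_PROXY (the value the boilerplate loads from context.json) override rotation entirely. PROXY_FILE, CURL_BIN, PROXY_COUNT, PROXY_REQUEST_COUNT and PENTEST_PROXY_CURRENT are names assumed here; the suite's real state variables may differ.

```shell
#!/bin/sh
# Added example of proxies.txt rotation (not the suite's own boilerplate).
# Assumed names: PROXY_FILE, CURL_BIN, PROXY_COUNT, PROXY_REQUEST_COUNT,
# PENTEST_PROXY_CURRENT. PENTEST_PROXY is the fixed proxy from context.json.

PROXY_FILE="${PROXY_FILE:-proxies.txt}"
PROXY_ROTATE_EVERY="${PROXY_ROTATE_EVERY:-10}"   # rotate every N requests
PENTEST_PROXY="${PENTEST_PROXY:-}"               # non-empty when --proxy was given
PROXY_LIST=""           # newline-separated proxy URLs, comments and blanks removed
PROXY_COUNT=0           # number of usable entries
PROXY_REQUEST_COUNT=0   # requests issued so far through stealth_curl_proxied
PENTEST_PROXY_CURRENT=""

# Load proxies.txt, keeping order. Only lines that start with '#' are comments,
# so a '#' inside a proxy password (user:pa#ss@host) is left alone.
load_proxies() {
    PROXY_LIST=""
    PROXY_COUNT=0
    [ -f "$PROXY_FILE" ] || return 1
    PROXY_LIST=$(sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' \
                     -e '/^#/d' -e '/^$/d' "$PROXY_FILE")
    [ -n "$PROXY_LIST" ] || return 1
    PROXY_COUNT=$(printf '%s\n' "$PROXY_LIST" | wc -l | tr -d '[:space:]')
    return 0
}

# Select the proxy for the next request into PENTEST_PROXY_CURRENT.
# Must be called directly (not in a $(...) subshell) so the counter persists.
get_next_proxy() {
    if [ -n "$PENTEST_PROXY" ]; then            # fixed proxy overrides rotation
        PENTEST_PROXY_CURRENT="http://$PENTEST_PROXY"
        return 0
    fi
    if [ "$PROXY_COUNT" -eq 0 ]; then
        load_proxies || { PENTEST_PROXY_CURRENT=""; return 1; }
    fi
    # Requests 0..N-1 use entry 1, N..2N-1 entry 2, ..., wrapping back to entry 1.
    _proxy_idx=$(( (PROXY_REQUEST_COUNT / PROXY_ROTATE_EVERY) % PROXY_COUNT + 1 ))
    PROXY_REQUEST_COUNT=$((PROXY_REQUEST_COUNT + 1))
    PENTEST_PROXY_CURRENT=$(printf '%s\n' "$PROXY_LIST" | sed -n "${_proxy_idx}p")
    return 0
}

# curl wrapper: adds --proxy <url> -k for the selected proxy and falls back to a
# direct request when neither a fixed proxy nor a usable proxies.txt exists.
# CURL_BIN is an assumed hook so a test can substitute a stand-in for curl.
stealth_curl_proxied() {
    if get_next_proxy; then
        "${CURL_BIN:-curl}" --proxy "$PENTEST_PROXY_CURRENT" -k "$@"
    else
        "${CURL_BIN:-curl}" "$@"
    fi
}
```

Because the counter lives in shell variables, the wrapper has to be called in the current shell; wrapping it in `$(...)` would select the proxy in a subshell and never advance the rotation. curl accepts http://, https:// and socks5:// proxy URLs directly, so the entries in proxies.txt are passed through unchanged.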


Setting Up Burp Suite

  1. Start Burp Suite Professional
  2. Configure the proxy listener on 127.0.0.1:8080 (or your preferred address)
  3. The tools do not need Burp's CA certificate installed, since they run with -k; install it only if you also browse the target manually through Burp, or if you replace -k with --cacert as described above
  4. Launch the pentest:

    /pentest https://target.com --proxy 127.0.0.1:8080
    
  5. All requests and responses appear in Burp's HTTP History tab
  6. Use Repeater to manually replay interesting requests
  7. Use Scanner for additional coverage on discovered endpoints

burp-ai-agent Integration

The burp-ai-agent extension exposes 53 MCP tools for programmatic interaction with Burp modules. When available, skills can leverage these for automated scanning, issue extraction, and payload generation.


Setting Up Caido

  1. Start Caido and configure its proxy listener
  2. Launch the pentest with the proxy flag pointing to Caido's address:

    /pentest https://target.com --proxy 127.0.0.1:8080
    
  3. All traffic is captured in Caido's intercept and replay views

caido-mode Integration

Caido's automation mode provides 47 CLI commands for replay, filtering, and analysis. When available, these can be used alongside the standard testing skills.


Docker Considerations

Since all tools run inside Docker, the proxy address must be reachable from the container. Two things have to line up: the address the container uses to reach the host, and the interface the proxy listener is bound to.

  • 127.0.0.1 only works with host networking (--network host); on the default bridge network it is the container's own loopback, not the host
  • On Linux, either run the container with --network host, or address the host via the Docker gateway IP (172.17.0.1 on the default bridge) or via host.docker.internal when the container is started with --add-host=host.docker.internal:host-gateway (Docker 20.10 and later)
  • On Windows/macOS with Docker Desktop, host.docker.internal resolves to the host machine:

    /pentest https://target.com --proxy host.docker.internal:8080
    
  • Whenever the proxy is reached through any address other than 127.0.0.1, the listener must be bound to that interface (or to all interfaces); Burp's default listener binds to loopback only and will refuse connections from the container
    

Verify Connectivity

Test that the proxy is reachable from inside the container, using the same address you will pass to --proxy. 127.0.0.1 is only correct together with host networking:

# Linux, host networking
docker run --rm --network host pentest-tools \
    curl -x http://127.0.0.1:8080 -k https://example.com

# Docker Desktop, or Linux with the host-gateway alias
docker run --rm --add-host=host.docker.internal:host-gateway pentest-tools \
    curl -x http://host.docker.internal:8080 -k https://example.com

The request should show up in the proxy's history; a "Failed to connect" error from curl means either the address or the listener binding is wrong.
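A small reachability probe for the Docker case, added here as an example and not part of the suite: it tries each candidate host in turn with curl's -x proxy option and prints the first one through which the proxy answers at all. curl reports 000 when the TCP connection to the proxy fails, while any real status (even a proxy error page) proves the listener is reachable. CURL_BIN is an assumed hook so the function can be exercised with a stand-in for curl; the candidate list and port are whatever you pass in.

```shell
#!/bin/sh
# Added example: find which hostname reaches the intercepting proxy from inside
# the tools container. Not part of the suite. CURL_BIN is an assumed hook that
# lets a test substitute a fake curl; it defaults to the real binary.

# find_proxy_host PORT HOST...
# Prints the first HOST for which an HTTPS request sent via http://HOST:PORT
# returns any HTTP status code. Returns 1 when no candidate answers.
find_proxy_host() {
    _port="$1"; shift
    for _host in "$@"; do
        # -w '%{http_code}' prints 000 (and curl exits non-zero) when the
        # connection to the proxy itself fails; the "|| true" keeps going.
        _code=$("${CURL_BIN:-curl}" -s -o /dev/null --connect-timeout 3 \
                    -x "http://$_host:$_port" -k -w '%{http_code}' \
                    https://example.com 2>/dev/null) || true
        case "$_code" in
            ""|000) ;;                               # unreachable, try the next one
            *) printf '%s\n' "$_host"; return 0 ;;
        esac
    done
    return 1
}

# Typical call from inside the container; the usual candidates in order:
#   find_proxy_host 8080 127.0.0.1 host.docker.internal 172.17.0.1
```

Run it inside the same image the tools use (for example via docker run ... sh), since that is where name resolution and network namespace matter; the host it prints is the one to give to --proxy.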

Combining Proxy with Stealth Mode

The proxy flag works with all modes:

Mode                Proxy behavior
Default (stealth)   Traffic proxied with Chrome UA, jitter, rate limits
--fast              Traffic proxied at full speed, no stealth headers
--bug-bounty        Traffic proxied at full speed, all templates enabled

Stealth headers, jitter, and rate limiting are applied before the request reaches the proxy. The proxy sees realistic-looking traffic regardless of the mode.


BD Proxy Bridge Extension

The BD Proxy Bridge is a Burp Suite extension that captures HTTP traffic and sends it to the BeDefended Dashboard for storage and continuous AI analysis.

Download: bd-proxy-bridge-1.1.0.jar

Installation

  1. In Burp Suite: Extensions -> Add -> Select bd-proxy-bridge-1.1.0.jar
  2. Go to the BD Bridge tab
  3. In the Dashboard, create a Proxy Session -> copy the Config URL or JSON
  4. Paste into the extension -> Apply Configuration
  5. Traffic flows automatically to the Dashboard
  6. AI Analysis is enabled by default — toggle in BD Bridge tab

Features

  • AI Real-Time Analysis — every request analyzed by Claude AI for vulnerabilities (async, non-blocking)
  • AI findings appear in Burp Scanner tab, Alerts tab, and Extender Output
  • AI Findings counter with severity breakdown (Critical/High/Medium) in BD Bridge tab
  • Recent findings list (last 30) with timestamps
  • Batch request ingestion (5/batch or every 2s)
  • Zero-config setup via Config URL or clipboard paste
  • Burp Target Scope integration or regex fallback
  • Response dedup (SHA-256 + endpoint normalization, 30-min TTL)
  • Binary content filtering, max response size filter
  • VulnContext tagging (auth, payment, admin, API)
  • Injection point extraction (params, JSON, cookies, path IDs)

AI Proxy Analyzer

When the Dashboard runs in local mode (/start-dashboard --local), a background AI analyzer continuously reviews incoming proxy traffic with the same depth as a /pentest:

  • Checks all OWASP Top 10 categories, plus business logic and API security
  • Runs every 20 seconds when new requests arrive (min 3 per batch)
  • Updates individual requests with AI flags, severity, and reason
  • Results visible in the Proxy History page + Analysis panel
  • Toggle per-session via the AI Active/Off button

The analyzer works standalone (manual testing) and in parallel with an automated /pentest.