Configuring Burp To Work With An External Browser - PortSwigger

Home » How To Setup Burpsuite With Firefox » Configuring Burp To Work With An External Browser - PortSwigger

Maybe your like

Product Support and Documentation
  • Support Center
  • Getting Started Professional/Community Edition Burp Suite DAST
  • Latest Releases
  • Extend Burp BApp Store Extensions Bambdas Custom scan checks
  • User Forum
  • Training
Back to documentation home

Professional and Community Edition

  • Professional and Community Edition
  • Getting started
    • System requirements
    • Step 1: Download and install
    • Step 2: Intercepting HTTP traffic
    • Step 3: Modifying requests
    • Step 4: Setting the target scope
    • Step 5: Reissuing requests
    • Step 6: Running your first scan [Pro only]
    • Step 7: Generating a report [Pro only]
    • Step 8: What next?
  • Testing workflow
    • Setting the test scope
    • Mapping the website
      • Mapping the visible attack surface
      • Discovering hidden content
        • Automated content discovery
        • Hostname discovery
    • Analyzing the attack surface
      • Scoping the effort to audit a website
      • Identifying high-risk functionality
      • Identifying supported HTTP methods
      • Checking for hidden inputs
      • Evaluating inputs
      • Analyzing opaque data
        • Decoding opaque data
        • Identifying which parts of a token impact the response
    • Testing authentication mechanisms
      • Enumerating usernames
      • Guessing usernames for known users
      • Brute-forcing passwords
      • Credential stuffing
      • Brute-forcing logins
    • Testing session management mechanisms
      • Analyzing session token generation
      • Decoding opaque data
      • Identifying which parts of a token impact the response
      • Determining the session timeout
      • Generating a CSRF proof-of-concept
      • Working with JWTs
      • Maintaining an authenticated session
    • Testing access controls
      • Testing for privilege escalation
      • Testing horizontal access controls
      • Testing for IDORs
      • Testing for parameter-based access control
      • Spoofing your IP address using Burp Proxy match and replace
    • Testing input validation
      • Bypassing client-side controls
      • SQL injection
        • Testing for SQL injection vulnerabilities
      • Cross-site scripting (XSS)
        • Identifying reflected input
        • Testing for DOM XSS with DOM Invader
        • Testing for web message DOM XSS with DOM Invader
        • Testing for reflected XSS manually
        • Testing for stored XSS
        • Bypassing XSS filters by enumerating permitted tags and attributes
        • Testing for blind XSS
      • Client-side prototype pollution
      • OS command injection
        • Testing for OS command injection vulnerabilities
        • Testing for asynchronous OS command injection vulnerabilities
        • Exploiting OS command injection vulnerabilities to exfiltrate data
      • XXE injection
        • Testing for XXE injection vulnerabilities
        • Testing for blind XXE injection vulnerabilities
      • Testing for directory traversal vulnerabilities
    • Testing for clickjacking
    • Testing for SSRF vulnerabilities
      • Testing for SSRF
      • Testing for blind SSRF
    • Testing for WebSocket vulnerabilities
      • Manipulating WebSocket messages
      • Manipulating WebSocket handshakes
    • Working with GraphQL in Burp Suite
    • Complementing your manual testing with Burp Scanner
  • Tools
    • Dashboard
    • Burp's browser
    • Proxy
      • Getting started with Burp Proxy
      • Proxy intercept
      • HTTP history
        • Filtering HTTP history
        • Filtering with scripts
        • Adding custom columns
      • WebSockets history
        • Filtering WebSockets history
        • Filtering with scripts
        • Adding custom columns
      • Match and replace rules
        • Creating rules
        • Creating rules with scripts
        • Testing rules
      • Settings
      • Managing CA certificates
      • Invisible proxying
    • Repeater
      • Getting started
      • Working with HTTP messages
        • Using Burp AI in Repeater
        • Generating AI-powered explanations
        • Automating tasks with custom actions
          • Creating custom actions
          • Loading custom actions
          • Running custom actions
          • Managing custom actions
        • Sending grouped HTTP requests
      • Working with WebSocket messages
      • Managing tabs
      • Managing tab groups
      • Settings
        • Tab-specific settings
    • Intruder
      • Getting started
      • Configuring attacks
        • Payload positions
        • Attack types
        • Payload types
          • Payload lists
        • Payload processing
        • Resource pools
        • Attack settings
        • Managing tabs
      • Attack results
        • Editing attacks
        • Saving attacks
        • Viewing results
        • Analyzing results
        • Filtering results
        • Testing workflow
      • Typical uses
        • Enumerating identifiers
        • Fuzzing
        • Harvesting data
        • Enumerating subdomains
    • Target
      • Site map
        • Getting started
        • Workflow tools
        • Filtering the site map
        • Filtering the site map with scripts
        • Comparing site maps
        • Comparison results
        • Editing the layout
      • Scope
      • Crawl paths
      • Issue definitions
      • Manual application mapping
      • Reviewing unrequested items
      • Analyzing the attack surface
    • Inspector
      • Getting started
      • Modifying requests
      • Settings
    • Message editor
      • Text editor
      • Settings
    • Collaborator [Pro only]
      • Getting started
      • Settings
    • Logger
      • Getting started
      • Working with Logger entries
      • Adding custom columns
      • Filtering Logger
        • Capture filter
        • Capture filter with scripts
        • View filter
        • View filter with scripts
      • Task Logger
      • Viewing requests sent by Burp extensions
    • Sequencer
      • Getting started
      • Obtaining a token sample
        • Live capture
      • Settings
      • Results
        • Tests
    • DOM Invader
      • Enabling DOM Invader
      • Testing for DOM XSS
      • Testing with web messages
      • Testing for prototype pollution
      • Testing for DOM clobbering
      • Settings
        • Main settings
        • Attack types
        • Web message settings
        • Prototype pollution settings
        • Misc settings
        • Canary settings
    • Clickbandit
    • Comparer
      • Settings
    • Decoder
    • Engagement tools
      • Target analyzer
      • Content discovery
      • Generate CSRF PoC
      • Manual testing simulator
    • Infiltrator
    • Organizer
      • Annotating Organizer items
      • Filtering Burp Organizer
    • Collections
    • Command palette
    • Search
    • Context menu
    • Filter settings
  • Extending Burp
    • Bambdas
      • Managing scripts
      • Importing scripts
      • Creating scripts
        • Writing custom actions
          • Worked example
          • Writing guide
          • Developing AI features
          • Best practices for writing AI features
        • Submitting scripts to GitHub
        • Troubleshooting
        • API JavaDoc
      • GitHub repo
    • Custom scan checks
      • Managing custom scan checks
      • Importing custom scan checks
      • Creating custom scan checks
        • Writing guide
        • Passive worked example
        • Active worked example
      • Testing custom scan checks
      • BCheck definitions
      • Submitting BChecks to GitHub
      • Submitting scripts to GitHub
    • Extensions
      • Installing extensions
        • Installing from the BApp Store
        • Installing manually
      • Managing extensions
      • Using AI extensions
      • Troubleshooting extensions
      • Viewing requests sent by extensions
      • Creating extensions
        • Setting up your development environment
          • Using the starter project
          • Manual setup
        • Writing your first extension
        • Extension tutorials
          • Adding a settings panel
          • Adding a hotkey
        • Setting up remote debugging
          • Using a remote debugger
        • Loading your extension in Burp
        • BApp Store acceptance criteria
        • Submitting extensions to the BApp Store
        • Maintaining extensions on the BApp Store
        • Creating AI extensions
          • Best practices for writing AI extensions
          • Developing AI features in extensions
        • Montoya API
          • JavaDoc
          • GitHub
          • Example extensions
        • Extender API (Legacy)
          • JavaDoc
          • Examples
  • Running scans [Pro only]
    • Scanning web applications
      • Running a full crawl and audit
      • Scanning specific HTTP messages
      • Configuring scans
      • Setting scan scope
      • Configuring application logins
        • Adding usernames and passwords
        • Adding recorded login sequences
        • Managing application logins using the configuration library
      • Managing resource pools for scans
    • Running API-only scans
      • Configuring authentication
      • Configuring scans
      • Managing resource pools for scans
    • Adding custom scan checks
    • Adding extension scan checks
    • Live tasks
      • Creating live tasks
      • Task execution settings
    • Viewing scan and live task results
      • Summary
      • Audit items
        • Insertion points
      • Issues
      • Event log
      • Audit log
      • Live crawl view
    • Exploring issues with AI
    • Reporting scan results
      • Generating a report
      • Report settings
      • Burp Scanner Sample Report
  • Burp AI
    • AI credits
    • AI security, privacy and data handling
    • Troubleshooting AI connectivity
    • Prompting best practices with Burp AI
  • Project files
    • Creating project files
    • Managing project files
  • Settings
    • Key settings
    • Tool settings
      • Proxy
      • Intruder
      • Repeater
      • Comparer
      • Sequencer
      • Burp's browser
    • Project settings
      • Scope
      • Collaborator
      • Tasks
      • Automatic backup
      • Logging
    • Session settings
      • Sessions
      • Session handling rule editor
      • Macro editor
    • Network settings
      • Connections
      • DNS
      • TLS
      • HTTP
    • User interface settings
      • Side panel
      • Message editor
      • Hotkeys
      • Display
    • Suite settings
      • REST API
      • Updates
      • Becoming an early adopter
      • Performance
      • Temporary files location
      • Startup behavior
      • Shutdown behavior
    • AI
    • Extensions
    • Configuration library
    • Response extraction rules
  • Customizing Burp's layout
    • Customizing top-level tabs
    • Customizing tables
  • Testing mobile applications
    • Configuring iOS devices
    • Configuring Android devices
    • Troubleshooting
  • Testing with HTTP/2
    • HTTP/2 basics
    • HTTP/2 in the message editor
    • Performing HTTP/2 exclusive attacks
  • Training
  • Troubleshooting
    • Common errors
    • Performance issues
    • Launching from the command line
    • Setting Java options
  • Support Center
  • Documentation
  • Desktop editions
  • External browser configuration

ProfessionalCommunity Edition

Configuring Burp to work with an external browser

  • Last updated: December 16, 2025

  • Read time: 1 Minute

If you need to use an external browser with Burp instead of Burp's preconfigured Chromium browser, perform the following configuration steps.

Note

For the vast majority of users, this process is not necessary. Simply use Burp's browser instead, which is already configured.

  1. Check that the proxy listener is active.
  2. Configure your external browser to proxy traffic through Burp:
    • Chrome (Windows)
    • Chrome (MacOS)
    • Firefox
    • Safari
  3. Check your browser proxy configuration.
  4. Install Burp's CA certificate.

Tag » How To Setup Burpsuite With Firefox