- Oct 26, 2007
Setting Up the Proxy
Numerous programs are available for Windows that will proxy traffic between network devices. We are going to demonstrate how to set up a proxy using Burp, a popular program that is used by web application developers and security researchers. However, the program can also be used as a simple proxy to relay HTTP traffic from the iPhone through the wireless network card and on to the primary connection to the Internet. Note that this primary connection could be another wireless card, an Ethernet card, or even a tethered connection to AT&T's EDGE connection.
First, you will need to download and install the Burp suite. You might need to also download the Java Runtime Environment; however, you probably already have this on your system. Once the Burp suite is downloaded, unzip it into a folder and double-click on suite.bat file. After a moment, you will see a window similar to Figure 1.
Figure 1 Burp Proxy
The Burp suite is easy to navigate, and is laid out logically. For this particular purpose, you only need to be concerned with the leftmost tab labeled Proxy. Click on this tab, and then click the Options tab to view the configuration settings. Uncheck the 'loopback interface only' option to allow the proxy to accept incoming requests from the remote iPhone (Figure 2). Note that by unchecking this, you will also be allowing anyone else who manages to locate your wireless signal the ability to proxy their HTTP requests through your connection. However, by enabling encryption over the wireless network you can all but eliminate any chance of abuse.
Figure 2 Enabling Burp for external connections
Switch back to the main screen by clicking on the 'intercept' tab. At this point you are ready to test the connection. To do this, open up Safari on the iPhone and attempt to load a webpage. Assuming the ad-hoc connection is enabled and up, you should see a captured request in the Burp window, such as in Figure 3. If you do, click the 'intercept on' and 'forward' buttons. If not, you will need to do some troubleshooting.
Figure 3 Burp intercepting an HTTP request to InformIT.com