burp-pac's Introduction

Burp Proxy Auto-Config Extension

Are you using Burp inside a network that uses a Proxy Auto-Config (PAC) script to dynamically determine which upstream proxies to use for some given host or hosts?

Are you lazy and just want an extension to figure this out auto-magically, without any user interaction?

Well then, the Burp Proxy Auto-Config (PAC) extension is for you! It automatically configures project-level upstream proxies for use by Burp based upon the desktop environment. It uses proxy-vole, which has support for PAC scripts built-in, in addition to supporting Java properties and environmental variables.

Q & A

Q: I installed the extension but don't see anything to configure! How do I configure it?

A: Currently, there's nothing to configure! Once enabled, it automatically adds upstream proxies. Don't like that? Unload and/or remove the extension. Once unloaded, it should remove those upstream proxies it added, and only those.

Q: Will this extension screw up my other extensions?

A: Hopefully not! If you suspect something, please file an issue.

Q: How can I troubleshoot an upstream proxy issue that this extension might be causing?

A: Once Feature #2 is implemented, there will be a UI to aid in troubleshooting. Otherwise, manually inspecting the project-level upstream proxies should also help.

Q: Does this extension mess with my Burp settings?

A: Yes, by design it modifies the current project-level settings to add upstream proxies. It also will automatically enable "Project options" → "Upstream Proxy Servers" → "Override user options" due to limitations in the Burp Extender API. It currently does not reset this value.

Q: Does this extension allow proxy authentication?

A: Yes, this is the purpose of this fork: very limited but simple Basic authentication support. If the environment variable BURP_PROXY_USERNAME exists, then each time this extension decides to add a proxy to the project configuration, that proxy is set to authentication type Basic, and the credentials are taken from the environment variables BURP_PROXY_USERNAME and BURP_PROXY_PASSWORD.

For Linux, this is: export BURP_PROXY_USERNAME="blablabla"

For OSX, this is: launchctl setenv BURP_PROXY_USERNAME "blablabla"
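To inspect what the extension added to the project-level upstream proxies, including any Basic credentials copied in from BURP_PROXY_USERNAME and BURP_PROXY_PASSWORD, an exported project options file can be audited offline. The following is an added example, not code from this extension; the JSON key names are an assumption about the layout of Burp's project options export, and the sample hosts and credentials are constructed.

```python
import json

# Constructed sample of an exported Burp project options file. The key layout
# is an assumption about Burp's JSON export; hosts and credentials are made up.
SAMPLE_EXPORT = """
{"project_options": {"connections": {"upstream_proxy": {
  "use_user_options": false,
  "servers": [
    {"destination_host": "*.corp.example", "enabled": true,
     "proxy_host": "proxy1.corp.example", "proxy_port": 8080,
     "auth_type": "basic", "username": "svc-burp", "password": "hunter2"},
    {"destination_host": "intranet.example", "enabled": true,
     "proxy_host": "proxy2.corp.example", "proxy_port": 3128,
     "auth_type": "none"},
    {"destination_host": "*", "enabled": false,
     "proxy_host": "127.0.0.1", "proxy_port": 9999, "auth_type": "none"}
  ]}}}}
"""

def audit_upstream_proxies(export_text):
    """Return (rows, findings) for the upstream proxy section of an export."""
    doc = json.loads(export_text)
    section = (doc.get("project_options", {})
                  .get("connections", {})
                  .get("upstream_proxy", {}))
    rows, findings = [], []
    # False here corresponds to "Override user options" being enabled.
    if section.get("use_user_options") is False:
        findings.append("project-level upstream proxies override user options")
    for i, srv in enumerate(section.get("servers", [])):
        auth = str(srv.get("auth_type", "none")).lower()
        rows.append((srv.get("destination_host"),
                     f"{srv.get('proxy_host')}:{srv.get('proxy_port')}",
                     auth, bool(srv.get("enabled"))))
        if auth != "none" and srv.get("password"):
            # Never echo the secret itself; report only where it lives.
            findings.append(f"servers[{i}]: {auth} credentials for user "
                            f"{srv.get('username')!r} stored in cleartext")
        if srv.get("destination_host") == "*" and srv.get("enabled"):
            findings.append(f"servers[{i}]: enabled catch-all rule")
    return rows, findings

if __name__ == "__main__":
    rows, findings = audit_upstream_proxies(SAMPLE_EXPORT)
    for dest, proxy, auth, enabled in rows:
        print(f"{dest:20} -> {proxy:28} auth={auth:6} enabled={enabled}")
    for finding in findings:
        print("FINDING:", finding)
```

Running the audit before sharing a project options file shows whether proxy credentials would travel with it.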

Comparison to Other Burp PAC Extensions

Similarities:

  • Both extensions use a library that evaluates the JavaScript PAC file within a Rhino ScriptEngine. However, this extension uses the newer version of proxy-vole. Proxy PAC uses an older unsupported version.

Differences:

  • The "Proxy PAC" extension is written in Python and executed via Jython. This extension is written in Java.
  • "Proxy PAC" starts a local web proxy via another thread. The user manually configures Burp to use this local web proxy. The proxy then initiates a client connection to whatever upstream proxy server, adding additional network latency per-request. This extension does not start a local web server. Rather, it modifies Burp's project-level configuration to add a per-host server to it. This is all automatic. Burp then handles making the upstream request directly.
  • "Proxy PAC" does not seem to have any test case coverage, which makes modifications more challenging #yolo. This extension has some test case coverage.

Security

This plugin assumes the following are trusted sources of proxy information:

burp-pac's People

Contributors

jpasski
