Duplex Proxy Setup

Below you will find instructions on how to set up a duplex proxy: two intercepting proxies chained together. Once you complete the walk-through you will find it is very easy to add more proxies to your chain using the same technique shown here.

Here is a quick overview of the setup: we will chain both proxy servers together, which lets us leverage both tools during our web application testing with minimal effort.

Duplex Proxy Overview

Proxy 2: Zap Setup

First ensure you have ZAP installed. On Kali Linux this can be done with 'apt-get install zaproxy'.

Once installed, open Tools > Options.

[Screenshot: proxy0]

From the Options menu find the Local Proxies section and change the port number to something other than 8080, so it does not collide with Burp's default listener. For our example we configure ZAP to listen on port 8181.

Now save and exit ZAP to persist these settings (this may not be required, but I have found it best).

[Screenshot: proxy0a]

Now launch ZAP again and verify it is listening on the new port:

netstat -antpln | grep 8181
(Not all processes could be identified, non-owned process info
 will not be shown, you would have to be root to see it all.)
tcp6       0      0 127.0.0.1:8181          :::*                    LISTEN      23824/java

Proxy 1: Burp Setup

We launch Burp and edit the User options to add an Upstream Proxy Server, using the same settings we gave our ZAP proxy: proxy host 127.0.0.1 and port 8181. Burp will now forward every request it receives on to ZAP.

[Screenshot: proxy1]

Browser Setup

Now we just need to set up our browser. For our example we use Firefox with the FoxyProxy plug-in.

You can find the plug-in here: https://addons.mozilla.org/en-US/firefox/addon/foxyproxy-standard/

Once installed, we set up Burp as the browser's proxy using 127.0.0.1 and port 8080 (Burp's default listener).

[Screenshot: proxy2]

Now we should be able to browse to a resource in our browser and see the results processed by both Burp and ZAP.

[Screenshot: proxy3]

Using this method you can chain more proxies together by simply adding an upstream proxy to ZAP; rinse and repeat to chain as many as you wish. The only limitation is that each proxy in the chain must support upstream proxy settings.
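As an added example (not part of the original post), the following POSIX shell script automates the check described above: it parses the listener list the way the netstat step does, confirms both hops are bound to loopback only, and pushes one request through Burp so it should appear in both proxies' histories. The sample netstat output is constructed to mirror the page's; the function names, the optional ss fallback and the 0.0.0.0 listener on port 9090 are assumptions for illustration.

```shell
#!/bin/sh
# Constructed sample of `netstat -antpln` output (not captured from a real host).
# Port 9090 is bound to 0.0.0.0 on purpose, to show what an exposed listener looks like.
SAMPLE_NETSTAT='tcp6       0      0 127.0.0.1:8181          :::*                    LISTEN      23824/java
tcp        0      0 127.0.0.1:8080          0.0.0.0:*               LISTEN      23900/java
tcp        0      0 0.0.0.0:9090            0.0.0.0:*               LISTEN      24001/java'

# listening_on <listener-output> <port>
# Succeeds only if a LISTEN socket is bound to 127.0.0.1:<port>. Column 4 is the
# local address in both `netstat -antpln` and `ss -ltnp` output.
listening_on() {
    printf '%s\n' "$1" | awk -v port="$2" '
        $4 == ("127.0.0.1:" port) && $0 ~ /LISTEN/ { found = 1 }
        END { exit found ? 0 : 1 }'
}

# exposed_on <listener-output> <port>
# Succeeds if <port> is bound to every interface (0.0.0.0, :: or *), which means
# any host on the network could route traffic through your intercepting proxy.
exposed_on() {
    printf '%s\n' "$1" | awk -v port="$2" '
        ($4 == ("0.0.0.0:" port) || $4 == (":::" port) || $4 == ("*:" port)) \
            && $0 ~ /LISTEN/ { found = 1 }
        END { exit found ? 0 : 1 }'
}

# check_chain [url]
# Verifies Burp (8080) and ZAP (8181) are up and loopback-only, then sends one request
# to Burp with curl; Burp's upstream rule should hand it to ZAP. Needs the live proxies.
check_chain() {
    live=$(netstat -antpln 2>/dev/null || ss -ltnp 2>/dev/null)
    for port in 8080 8181; do
        listening_on "$live" "$port" || { echo "nothing listening on 127.0.0.1:$port"; return 1; }
        exposed_on   "$live" "$port" && { echo "port $port is bound to all interfaces";  return 1; }
    done
    curl -sS -o /dev/null -w '%{http_code}\n' --max-time 10 \
        -x http://127.0.0.1:8080 "${1:-http://example.com/}"
}
```

Run check_chain after both proxies are started; the printed status code should then show up as the same request in Burp's HTTP history and ZAP's History tab.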

Hope you enjoyed the tip, now get to testing all the things!
