Configuring Your Web Server – PortSwigger

BUSINESS

In the upper right corner of the screen, select the settings icon and go to Network to open network settings. If this is your first time logging in as an administrator, you need to set the web server URL.

From this page, you can make changes to the following settings. Note that if you make any changes to some of these settings, you will have to wait for the web server to restart, change the URL in your browser, and log in again.

Web server URL and port number

This is the URL through which users will access the web server and log into Burp Suite Enterprise Edition. This URL is also used to generate links in emails sent from the server, such as password reset emails.

The first time you log in as an administrator, you must change it to http://your-web-server-IP:8080 or the fully qualified domain name of the machine where you installed the web server. The port number is the one you specified during the installation process (default: 8080). You can change these settings later if needed.

By default, the web server uses unencrypted HTTP for communication. If you plan to enable TLS, you must change the web server URL to use HTTPS.

Enabling TLS

If you want to enable TLS, select the Use TLS change. You will then be asked to download a PKCS#12 certificate. It must have the .p12 file extension; certificates in .psx format are not supported. You must also provide the certificate file password.

To note

If you have additional infrastructure in front of the business server, such as a load balancer, additional configuration may be required.

If you enable TLS after you have already set the web server URL, note that you must also change the web server URL to use HTTPS. That is, you need to update the URL to https://your-web-server-IP:8080.

Configuring an HTTP proxy server

The business server must access portswigger.net on port 443, activate your license and perform automatic software updates. For the best experience, we recommend allowing this access throughout your continued use of the software, not just during initial installation. If your organization does not allow you to connect directly to the public Internet, you can configure a network proxy that the Enterprise server can use to reach external domains, such as portswigger.net.

  1. Enter the host name and port number of your proxy server, for example example.com:1234.

  2. If your proxy server requires login, enter a valid username and password that the Enterprise server can use to connect to the proxy.

  3. If you also want to use the proxy server to connect to an SMTP server, enable this option as well. However, note that this option is only available if you are using an unauthenticated proxy. For more information, see the documentation on setting up a connection to your SMTP server.