How to intercept TOR hidden service requests with Burp

My environment for this setup: macOS, Burp Suite, Tor service, Firefox browser and brew.

  • Install the tor service (not the TorBrowser bundle). On Mac you can do it with “brew install tor”. If you don’t have brew installed run this command:

Here is the link if you need more information on brew: https://brew.sh/

  • Run the tor service with the following command: brew services start tor. If you run brew services list you should see tor running:

Configure Firefox:

  • Set manual proxy configuration to 127.0.0.1 port 8080
  • Make sure SOCKS is set to v5. V4 is not supported.

Configure Burp:

  • In the Proxy options make sure the listener is also running on 127.0.0.1 port 8080. It should already be set by default.
  • Under the User options tab → Connections set the SOCKS Proxy. Host: 127.0.0.1, port 9050 (or whatever port your tor service is running on. It could also be 9150).

Your nmap output for localhost should look like this:

Great! Now you can intercept and modify onion traffic. In Burp Pro you can also set up Collaborator Everywhere and whenever an onion service is not configured properly it will ping back the Burp server revealing its original IP.
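A quick way to confirm the chain from the steps above, as an added example that is not part of the original post: it checks that something is listening on Burp's port and that the Tor port answers a SOCKS5 greeting (v4 is not supported, as noted earlier). The function names are hypothetical; the ports are the ones used in this post.

```python
import socket

# Ports taken from the post: Burp proxy listener and the usual Tor SOCKS ports.
BURP_PORT = 8080
TOR_SOCKS_PORTS = (9050, 9150)


def probe_socks5(host, port, timeout=3.0):
    """Return 'socks5', 'not-socks5' or 'closed' for host:port."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "closed"  # nothing accepted the connection
    with sock:
        try:
            # SOCKS5 greeting (RFC 1928): version 5, one method, 0x00 = no auth
            sock.sendall(b"\x05\x01\x00")
            reply = sock.recv(2)
        except OSError:
            return "not-socks5"  # port is open but did not answer the greeting
    # A SOCKS5 server that accepts "no auth" replies with version 5, method 0
    return "socks5" if reply == b"\x05\x00" else "not-socks5"


def check_chain(host="127.0.0.1", burp_port=BURP_PORT, tor_ports=TOR_SOCKS_PORTS):
    """Return a list of problems; an empty list means the chain looks right."""
    problems = []
    # Burp speaks HTTP, so any state other than 'closed' means it is listening.
    if probe_socks5(host, burp_port) == "closed":
        problems.append(f"nothing listening on {host}:{burp_port} (Burp proxy)")
    states = {port: probe_socks5(host, port) for port in tor_ports}
    if "socks5" not in states.values():
        problems.append(f"no SOCKS5 listener on {host}: {states}")
    return problems


if __name__ == "__main__":
    for line in check_chain() or ["Burp listener and Tor SOCKS5 port both answer"]:
        print(line)
```

If the Tor check fails, compare the port Burp's SOCKS Proxy setting points at with the port the tor service actually opened.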

Happy hacking!

Bitcoin tip jar: bc1qgpl6lhf09j6kcdvkh8cz90p4cfxuyfec3ecjrd

Ethereum tip jar: 0x7e0Bf6D50b5F5fcbf76A16Bd5285CE0c74C063a9

security researcher and penetration tester. twitter: @kali_null
