{"id":202,"date":"2026-01-06T15:20:18","date_gmt":"2026-01-06T15:20:18","guid":{"rendered":"https:\/\/jasveermaan.com\/?p=202"},"modified":"2026-03-13T10:05:44","modified_gmt":"2026-03-13T10:05:44","slug":"usingburpsuiteprowithoutinstallingonclientvdi","status":"publish","type":"post","link":"https:\/\/jasveermaan.com\/index.php\/2026\/01\/06\/usingburpsuiteprowithoutinstallingonclientvdi\/","title":{"rendered":"Using Burp Suite Professional Without Installing It on a Client VDI (via SSH &amp; EC2)"},"content":{"rendered":"\n<p>One of my friend contacted me regarding an issue where the client had provided a locked-down, shared VDI environment, which was also being accessed by another vendor, to the point where he was occasionally disconnected mid-session.<\/p>\n\n\n\n<p>Despite these constraints, the assessment had to proceed under the following conditions:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>All testing activities had to be performed from the client-provided VDI<\/li>\n\n\n\n<li>The target application was only accessible from within the VDI network<\/li>\n\n\n\n<li>Installing additional tools on the VDI was discouraged\/blocked<\/li>\n\n\n\n<li>Activating Burp Suite Professional on client infrastructure felt\u2026 uncomfortable<\/li>\n<\/ul>\n\n\n\n<p>He asked a simple question:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">Is there any way I can still use my own Burp Pro locally, without activating it on the client VDI?<\/pre>\n\n\n\n<p>Since I enjoy learning and experimenting with new approaches, I decided to explore this problem during some free time over the New Year period.<\/p>\n\n\n\n<p>This post documents the exact setup we ended up using.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">The Core Idea<\/h2>\n\n\n\n<p>We want three things:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>All web access must originate from the VDI<\/li>\n\n\n\n<li>Burp Suite Professional should run only on the tester\u2019s local machine<\/li>\n\n\n\n<li>No Burp Pro license activation on the client VDI<\/li>\n<\/ul>\n\n\n\n<p>To solve this, we introduce a small EC2 relay server and use SSH port forwarding to stitch the environments together.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">Client VDI \u2190\u2192 EC2 Relay \u2190\u2192 Tester Machine (Burp Pro)<\/pre>\n\n\n\n<h2 class=\"wp-block-heading\">Why SSH on Port 443?<\/h2>\n\n\n\n<p>Here\u2019s the first hurdle we hit.<\/p>\n\n\n\n<p>Port 22 (SSH) was blocked outbound from the VDI. This is extremely common in corporate environments. However, port 443 was allowed.<\/p>\n\n\n\n<p>SSH doesn\u2019t care what port it runs on, so we simply configured all tunnels to use port 443, which blends in with normal HTTPS traffic and avoids firewall issues entirely.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Step 1 \u2014 EC2 SSH Configuration (Critical)<\/h2>\n\n\n\n<p>By default, Amazon Linux disables remote port forwarding. Without fixing this, nothing below will work.<\/p>\n\n\n\n<p>On the EC2 instance:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">sudo nano \/etc\/ssh\/sshd_config.d\/99-portforward.conf<\/pre>\n\n\n\n<p>Add:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">AllowTcpForwarding yes<br>GatewayPorts yes<\/pre>\n\n\n\n<p>Restart SSH:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">sudo systemctl restart sshd<\/pre>\n\n\n\n<p>This allows ports forwarded from other machines to be exposed via EC2.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Step 2 \u2014 Local Machine (Burp Suite Professional)<\/h2>\n\n\n\n<p>Burp Pro runs only on the tester\u2019s local machine.<\/p>\n\n\n\n<p>Expose Burp Pro to EC2 (Reverse Forward):<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">ssh -i RelayServer.pem -p 443 -N -R \"*:9001:127.0.0.1:8080\" ec2-user@IPAddress -vvv<\/pre>\n\n\n\n<p>This makes Burp Pro (listening on 8080) available as:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">EC2:9001 \u2192 Mac:8080 (Burp Pro)<\/pre>\n\n\n\n<p>Allow Burp Pro to send traffic back via EC2 (Local Forward):<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">ssh -i RelayServer.pem -p 443 -N -L 8888:127.0.0.1:8080 ec2-user@IPAddress -vvv<\/pre>\n\n\n\n<p>This lets Burp Pro send traffic back through EC2, ensuring requests ultimately exit from the VDI network.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Step 3 \u2014 Client VDI<\/h2>\n\n\n\n<p>On the VDI, we run Burp Suite Community only as a lightweight proxy endpoint.<\/p>\n\n\n\n<p>SSH Tunnel from VDI:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">ssh -i RelayServer.pem -p 443 -N -L 8081:127.0.0.1:9001 -R 8080:127.0.0.1:8080 ec2-user@IPAddress<\/pre>\n\n\n\n<p>What this does:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>EC2:8080 \u2192 VDI:8080 (Burp Community)<\/li>\n\n\n\n<li>VDI:8081 \u2192 EC2:9001 \u2192 Burp Pro (Mac)<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Step 4 \u2014 Burp Configuration<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Burp Suite Professional (Local Machine)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Listener:\n<ul class=\"wp-block-list\">\n<li>Bind address: All interfaces<\/li>\n\n\n\n<li>Port: 8080<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>Upstream Proxy\n<ul class=\"wp-block-list\">\n<li>Host: 127.0.0.1<\/li>\n\n\n\n<li>Port: 8888<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n<p>The figure below shows Burp Pro (Local Machine) is configured with upstream proxy:<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1030\" height=\"301\" src=\"https:\/\/jasveermaan.com\/wp-content\/uploads\/2026\/01\/Macbook_UpstreamProxyConfigured.png\" alt=\"\" class=\"wp-image-204\"\/><\/figure>\n\n\n\n<p>Burp Pro never connects directly to the target application. All requests ultimately exit the VDI network.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Burp Suite Community (VDI)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Listener\n<ul class=\"wp-block-list\">\n<li>127.0.0.1:8080<\/li>\n\n\n\n<li>Only one listener is required<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n<p>The figure below shows Burp Suite configured:<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"2062\" height=\"708\" src=\"https:\/\/jasveermaan.com\/wp-content\/uploads\/2026\/01\/VDI_BurpConfiguration.png\" alt=\"\" class=\"wp-image-205\"\/><\/figure>\n\n\n\n<p>Burp Suite Community on the VDI is used purely as a lightweight proxy endpoint.<br>No analysis, scanning, or modification is performed here.<\/p>\n\n\n\n<p>Note: Do not use Burp\u2019s embedded browser<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Firefox on the VDI<\/h3>\n\n\n\n<p>Configure Firefox manually:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>HTTP\/HTTPS Proxy: 127.0.0.1<\/li>\n\n\n\n<li>Port: 8080<\/li>\n<\/ul>\n\n\n\n<p>This way:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Firefox sends traffic to 127.0.0.1:8081 on the VDI<\/li>\n\n\n\n<li>8081 is your SSH local forward into the relay + Burp Pro chain<\/li>\n\n\n\n<li>The VDI remains the browsing endpoint, while Burp Pro performs analysis remotely<\/li>\n<\/ul>\n\n\n\n<p>Now the browser flow is:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">Firefox (VDI) \u2192 EC2 \u2192 Burp Pro (Mac) \u2192 EC2 \u2192 Burp Community (VDI) \u2192 Target<\/pre>\n\n\n\n<p>The figure below shows that Burp Pro (Local Machine) is receiving all the traffic:<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1374\" height=\"217\" src=\"https:\/\/jasveermaan.com\/wp-content\/uploads\/2026\/01\/BurpProReceivingAllTheTraffic.png\" alt=\"\" class=\"wp-image-206\"\/><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\">Lessons Learned<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>SSH tunnels create paths, not routing, you must design the flow<\/li>\n\n\n\n<li>Port 443 is your friend when 22 is blocked<\/li>\n\n\n\n<li>EC2 is an excellent neutral relay point<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Final Thoughts<\/h2>\n\n\n\n<p>This setup has now been used successfully for:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Internal web apps<\/li>\n\n\n\n<li>Client-provided VDIs<\/li>\n\n\n\n<li>Restricted corporate networks<\/li>\n\n\n\n<li>Long-running Burp sessions<\/li>\n<\/ul>\n\n\n\n<p>If you ever feel uneasy about activating your Burp Pro license on a client machine, this is a clean, professional alternative.<\/p>\n\n\n\n<p>And yes, my friend was very happy (I got a coffee from him \u2615).<\/p>\n\n\n\n<p><strong><em>Disclaimer: It is highly recommended to consult with the client to ensure they are comfortable with the use of an EC2 relay, as the traffic will be routed through an AWS environment.<\/em><\/strong><\/p>\n\n\n\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>One of my friend contacted me regarding an issue where the client had provided a locked-down, shared VDI environment, which was also being accessed by another vendor, to the point where he was occasionally disconnected mid-session. Despite these constraints, the assessment had to proceed under the following conditions: He asked a simple question: Is there &hellip; <\/p>\n<p class=\"link-more\"><a href=\"https:\/\/jasveermaan.com\/index.php\/2026\/01\/06\/usingburpsuiteprowithoutinstallingonclientvdi\/\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;Using Burp Suite Professional Without Installing It on a Client VDI (via SSH &amp; EC2)&#8221;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-202","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/jasveermaan.com\/index.php\/wp-json\/wp\/v2\/posts\/202","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/jasveermaan.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/jasveermaan.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/jasveermaan.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/jasveermaan.com\/index.php\/wp-json\/wp\/v2\/comments?post=202"}],"version-history":[{"count":11,"href":"https:\/\/jasveermaan.com\/index.php\/wp-json\/wp\/v2\/posts\/202\/revisions"}],"predecessor-version":[{"id":256,"href":"https:\/\/jasveermaan.com\/index.php\/wp-json\/wp\/v2\/posts\/202\/revisions\/256"}],"wp:attachment":[{"href":"https:\/\/jasveermaan.com\/index.php\/wp-json\/wp\/v2\/media?parent=202"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/jasveermaan.com\/index.php\/wp-json\/wp\/v2\/categories?post=202"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/jasveermaan.com\/index.php\/wp-json\/wp\/v2\/tags?post=202"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}