# Pynt for Firefox Browser

{% hint style="success" %}
🚀 **At a Glance**: Pynt integrates directly with **Firefox**, enabling real-time API security testing as you browse. This seamless integration monitors API traffic, automatically generating context-aware security tests.
{% endhint %}

***

## Capturing traffic from Firefox Browser 

Pynt can also conduct an API security scan on traffic generated from Firefox in an interactive mode, following these steps:

* Configure Firefox to route traffic through Pynt.
* Run Pynt using the command: `pynt listen --captured-domains <domain of the APIs that need to be tested>`.
* Browse the site that will be tested by Pynt.
* Press Enter on Pynt to start the scan.

***

## Steps to Run Pynt with Firefox

Use the following steps to integrate Pynt with Firefox browser:

***

### **Configure Firefox to Record Traffic**

* Open Firefox and go to the settings to configure the proxy through which Pynt can capture the traffic.

<figure><img src="https://3462681674-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FZKwBF6q0tAGXlIih38HL%2Fuploads%2Fj5iNU650k6eITccItZdt%2Fimage.png?alt=media&#x26;token=d167bfc3-a362-40ec-9013-4f4bf566709c" alt=""><figcaption><p>Configure Proxy in Firefox</p></figcaption></figure>

If your target is *localhost* as in the example, go to about:config and modify the `network.proxy.allow_hijacking_localhost` parameter to **True**

<figure><img src="https://3462681674-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FZKwBF6q0tAGXlIih38HL%2Fuploads%2FrO4U6qU9jueQSpbKTYGn%2Fimage.png?alt=media&#x26;token=bb097ebc-f7cd-40e2-97cd-a586662623ac" alt=""><figcaption><p>Enable Firefox to route localhost traffic to proxy</p></figcaption></figure>

***

### **Configure Firefox to Import Pynt's proxy certificate**&#x20;

* The first time you execute `pynt listen`, Pynt stores the certificates in `~/.pynt/cert`.
* Import the `mitmproxy-ca-cert.cer` into Firefox

<figure><img src="https://3462681674-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FZKwBF6q0tAGXlIih38HL%2Fuploads%2Ffs7YzKYLKwFmgJxsikN3%2Fimage.png?alt=media&#x26;token=870b6ed4-6abf-4025-aa65-849aae7b228a" alt=""><figcaption><p>Import Pynt's proxy certificate</p></figcaption></figure>

<figure><img src="https://3462681674-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FZKwBF6q0tAGXlIih38HL%2Fuploads%2FEvDUjloG4hyQYg6YuIhn%2Fimage.png?alt=media&#x26;token=66cc677b-f4d4-4146-804d-e1c09b578e5c" alt=""><figcaption><p>Download certificate</p></figcaption></figure>

***

## Example on OWASP crAPI

For this example we will use [`Pynt listen`](https://docs.pynt.io/documentation/api-security-testing/pynt-cli-modes/pynt-listen-cli-mode) and set it to capture localhost traffic:

```bash
pynt listen --captured-domains localhost
```

<figure><img src="https://3462681674-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FZKwBF6q0tAGXlIih38HL%2Fuploads%2FL0HRTD6fqoLPrOJ09a4z%2Fimage.png?alt=media&#x26;token=d8bb9117-b61d-4e02-82de-cf6c80590847" alt=""><figcaption></figcaption></figure>

For this example we will test with traffic to [OWASPs crAPI ](https://github.com/OWASP/crAPI)application running locally on localhost:8888

Now on Firefox set the url to <http://localhost:8888> and do various actions on crAPI web pages

<figure><img src="https://3462681674-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FZKwBF6q0tAGXlIih38HL%2Fuploads%2FYHxCdrREL7kh761dU5Ww%2Fimage.png?alt=media&#x26;token=4867854d-41ab-4ac5-949f-8e2dc8a44bdc" alt=""><figcaption><p>Firefox examle</p></figcaption></figure>

After finishing browsing the site, return to the terminal where Pynt is running and press Enter to start the Pynt scan.

<figure><img src="https://3462681674-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FZKwBF6q0tAGXlIih38HL%2Fuploads%2FhAszYUcw3Qtt4wErXcKv%2Fimage.png?alt=media&#x26;token=f56e7e7b-767d-4f4e-8fae-0f4043e909bc" alt=""><figcaption><p>Pynt for Firefox example</p></figcaption></figure>

***

{% hint style="info" %}
💡 **Need Help?** For any questions or troubleshooting, reach out to the [**Pynt Community Support**](https://www.pynt.io/community).
{% endhint %}