diff --git a/hosts/Emitter.nix b/hosts/Emitter.nix
index 98c9ea8..3f5cdaf 100644
--- a/hosts/Emitter.nix
+++ b/hosts/Emitter.nix
@@ -37,6 +37,34 @@
         gitUser = "fruchti";
     };
 
+
+    nixpkgs.overlays = [
+        (self: super: {
+            burp = (super.burp.overrideAttrs (old: {
+                postInstall = ''
+                    mv $out/sbin/burp $out/sbin/burp-untunneled
+                    cat > $out/sbin/burp <<-EOF
+                    #!/${pkgs.bash}/bin/bash
+                    ${pkgs.openssh}/bin/ssh -i /secrets/id_burp_remote -o IdentitiesOnly=yes -o ExitOnForwardFailure=yes -L 4971:localhost:4971 burp-remote@rupert.gvfr.de -f true
+                    $out/sbin/burp-untunneled \$@
+                    EOF
+                    chmod +x $out/sbin/burp
+                '';
+            }));
+        })
+    ];
+
+    services.burp = {
+        client = {
+            enable = true;
+            # Because of the port forward, the server will be localhost
+            server = "localhost";
+            frequency = "2:00";
+            passwordFile = "/secrets/burp_client_password";
+            sslKeyPasswordFile = "/secrets/burp_ssl_key_password";
+        };
+    };
+
     # This value determines the NixOS release from which the default
     # settings for stateful data, like file locations and database versions
     # on your system were taken. It’s perfectly fine and recommended to leave