Burp Suite – From scratch to Pro

Burp Suite – From scratch to Pro

Burp is one of the popular tools for pen testers and you could see this tool being used in many of the POC’s. The reason being so popular is that this suite contains collection of all small tools required by every kind of testing.

What is Burp Suite ?

Burp or Burp Suite is a graphical tool for testing Web application security. The tool is written in Java and developed by PortSwigger Security.The tool comes up with 2 versions -> first is a free one and a full version that’s a paid one . The tool was developed to provide a All in One solution for web application security checks. Except for basic options such as proxy server, scanner and intruder it contains more advanced options such as spider, repeater, decoder, comparer, extender and sequencer.

This tutorial will help you setting up burp and configuring it to work on http and https as many of the beginner s fail in setting it up correctly.

So let’s begin 🙂

Step 1: Download Burp Proxy from : https://portswigger.net/ (Pro or Free Depends on you )

 

Step 2: Once Downloaded Make sure you have java installed on your computer. If not you can get it from here : https://www.java.com/download/

 

 

Step 3: Start the installer by double clicking on the exe file .

 

Step 4: Follow the steps as given in images to install.

Step 5: Once installed you can launch burp from desktop. Double Click on the Burp icon.

Step 6: Press the next icon followed by start Burp.

Now the burp is successfully running on your system. Next you need to configure you system and browser to use it as proxy .

 

CONFIGURATIONS :

1 Setting up burp proxy configuration.

  • Go to proxy tab
  • Go to options sub tab
  • Click on the edit button and give port no. to your proxy let say 1234.
  • Make sure there is tick under the running option.

2 Setting up local system proxy .

  • Go to network proxy settings in windows.
  • Give the following proxy configurations under manual proxy setup.

3 Configure browser to user proxy .

  • Setup proxy in browser . Go to firefox -> Options -> Advanced -> Netowork -> Settings .
  • Give following settings.
  • Click ok.

4 Configure CA Certificates :

  • Go to browser : 127.0.0.1:1234
  • Click on the CA Certificate to download the certificate.
  • Install the certificate as Trusted Root Certificate.
  • Go to firefox -> Options -> Advanced -> Certificates
  • Click on View Certificates. And then Import option under Authorities Tab
  • Select the location of your certificate and click on Open button.


Now you are done with the configuration of Burp.

Time for some action :

Go to browser start surfing any http/https website. Come back to burp proxy . Go to intercept tab to intercept the request. Shut down the intercept to simultaneously surf as well see the requests.

 

 

Click here to visit our youtube channel –> CHANNEL

#like #comment #share

Click here to visit our Facebook Page SECTOR443

Thankyou

Regards

Stay Safe Stay Secure | Sector443

#sector443.com

 

Leave a Reply

Your email address will not be published. Required fields are marked *