Let’s learn how to install Burp Suite step by step and how to use its features. Before jumping to the installation part, we will first understand the basics of Burp Suite.
What is Burp Suite?
- Burp Suite is a Java-based framework designed for conducting web application penetration testing.
- It is a manual security testing tool.
- Using a proxy in Burp Suite allows security professionals to intercept and analyze web traffic between their browser and the server.
Let’s install Burp Suite:
There are 3 subscription models available for Burp Suite:
- Burp Suite Professional
- Burp Suite Enterprise
- Burp Suite Community
Here we install the Burp Suite Community edition, which is a free version.
Just go to google.com and search for ‘Burp Suite Community Edition download’
Click on the first link –
Now click on the Download option, which you can see at the bottom.
After downloading Burp Suite, you will receive this.
Click on the next button to complete the installation process.
After successfully installing Burp Suite, when you open it, you will see the initial Burp Suite window. Now click on the Next button to proceed.
Now click on Start Burp.
Once Burp Suite is launched, we will land on the Dashboard.
To use Burp Suite, you can either use the pre-installed Chromium browser or configure Mozilla Firefox to work with it.
Let’s download Mozilla Firefox:
We have to follow the same steps as we did for downloading Burp Suite.
After successfully installing Mozilla Firefox, we need to download an extension called FoxyProxy in Mozilla Firefox. FoxyProxy is a browser extension that simplifies the process of managing proxy settings. It allows users to easily switch between multiple proxy configurations without needing to manually change the browser settings each time.
You can see three lines in the top right corner. Just click on that, and you will see many options. Ignore all of them and click on ‘Settings’.
When you click on ‘Settings’, you will see many options. Just click on the ‘Extensions & Themes’ option.
Here, you can search for the extension called ‘FoxyProxy’.
Now just choose Burp. Then go to the Burp Suite tool.
Just click on this setting icon and you will see another window.
Just copy the IP address and paste it into Mozilla Firefox. We need to download the certificate through this public IP and import that certificate into FoxyProxy.
Note: This is a one-time process.
Click on ‘CA Certificate’. It will start downloading the certificate.
After downloading the CA certificate, we just need to import it into the browser settings. By importing Burp Suite’s CA certificate into your browser, you can effectively analyze HTTPS traffic without encountering trust issues or security warnings.
Now, just click the icon in the upper right corner. You will see many options; ignore them and click on the ‘Settings’ option.
After clicking ‘Settings’, you will see the settings interface. In the search box, type ‘certificate’. In the search results, click on ‘View certificates’.
Just click on ‘Import’.
Just select the CA certificate you downloaded and click ‘Open’. Now you are ready to go.
Now that we have finished the downloading and installing part, we will capture some traffic to check if our application is working properly.
To turn on the intercept, first open Burp Suite and go to the Dashboard. Click on ‘Proxy’ at the top, then click on ‘Intercept’ to turn it on.
When we open Burp Suite, the intercept option is generally off, so we need to turn it on. The intercept feature captures real-time traffic between the browser and web server, meaning it captures whatever we are doing in the browser and shows it in Burp Suite.
Now we will go to Mozilla Firefox and search for something to check if our Burp intercept is capturing the traffic.
We can see in the Burp Suite HTTP history that it has captured the traffic. We recently searched for wikipedia.com, and it is there in Burp.