Burp Suite Complete Guide (Part 1-Installation & Configuration)
Burp Suite is the best Penetration Testing tool specially made for Cyber Security experts which Test websites, servers, and Networks with its combination of automated and manual tools.
Well, every Cyber Security person knows how useful Burp Suite is, and those who want to Learn it you came to the right place.
Now Instead of explaining tools all over here, I will explain all combinations of tools with practical for better understanding.
So, let's dive into it.
Downloading and Installing Burp Suite
In Kali Linux Full version burp suite comes preinstalled if it's not just type
# sudo apt install burpsuite
Installing Burp Suite for Windows and Mac
Just Check out this link
Choose your OS and Download the version you want.
Now you are Confused about Which version to download I am here to help.
Burp Suite has 3 versions
Enterprise - Automated Testings for organizations and developers who didn't have any knowledge of penetration testing burp suite automated integrations cover you up here.
Price - $3,999 per year.
Professional - For Serious Cyber Security persons Penetration testers and Bug Bounty Hunters those who want to scale there skill using burp suite. Has Automated and manual tools to help with hunting bugs and vulnerabilities.
Price - $399 per user, per year.
Community Addition - This Version has limited manual testing tools to start with and good for researchers and penetration testers who want to learn or just using for hobbie.
Price - Free
You guys came here to learn right? then go for community addition and learn how to use it first.
If you are serious about Cyber Security and Penetration testing then go for Professional version you will surely not disappointed by it obviously if you can afford it.
Now. we installed a burp suite we need to configure it with browser.
Configuring Burp Suite with Firefox Browser
I use the Firefox Browser and recommended you to use the same because it has more hacking related extensions than any other browsers to make your life easier.
FoxyProxy is an extension you need to install now because of its switches Proxies in just one click.
Google it or visit here.
install it and click on the fox icon and go to options.
Add
proxy - 127.0.0.1
Port - 8080
save it and you will see that it's added on the menu of FoxyProxy.
Now let's open up the Burp suite.
I am using Burp Suite Community Edition for this tutorial
use a temporary project
use burp default
And Burp Suite Application will start up showing you all the options after configuring we will see them one by one.
For Testing Purpose we will be using DVWA you still don't know how to install it then click here.
login to DVWA then click on proxy we added using an icon of FoxyProxy.
clicking on anything on DVWA.
And you will see your Burp suite will fire up with a proxy tab and request your browser sent.
we configured our Burp suite with HTTP connections successfully but with HTTPS site this will occur.
Intercept SSL (HTTPS) Requests in Burp Suite
We need to download Certificates of Burp and add them to the browser.
Type http://burp in the URL bar and hit enter.
Now Go to
Preference > Privacy and Security > Scroll to Certificates > Click on view Certificates
Now click on import and select cacert.der
That's it now refresh page and burp suite will pop up with requests.
That's it, we configured burp suite Successfully now ready to head over to learn how to use it.