Thursday, May 21, 2020

Burp Suite Complete Guide (Part 1-Installation & Configuration)


Burp Suite is the best Penetration Testing tool specially made for Cyber Security experts which Test websites, servers, and Networks with its combination of automated and manual tools.

 Well, every Cyber Security person knows how useful Burp Suite is, and those who want to Learn it you came to the right place.

Now Instead of explaining tools all over here, I will explain all combinations of tools with practical for better understanding.

So, let's dive into it.

Downloading and Installing Burp Suite 


In Kali Linux Full version burp suite comes preinstalled if it's not just type

# sudo apt install burpsuite 


Installing Burp Suite for Windows and Mac 


Just Check out this link

Choose your OS and Download the version you want.


Now you are Confused about Which version to download I am here to help.

Burp Suite has 3 versions 

Enterprise - Automated Testings for organizations and developers who didn't have any knowledge of penetration testing burp suite automated integrations cover you up here.
Price - $3,999 per year.

Professional -  For Serious Cyber Security persons  Penetration testers and Bug Bounty Hunters those who want to scale there skill using burp suite. Has Automated and manual tools to help with hunting bugs and vulnerabilities.
Price - $399 per user, per year.

Community Addition - This Version has limited manual testing tools to start with and good for researchers and penetration testers who want to learn or just using for hobbie.
Price - Free

You guys came here to learn right? then go for community addition and learn how to use it first.

If you are serious about Cyber Security and Penetration testing then go for Professional version you will surely not disappointed by it obviously if you can afford it. 

Now. we installed a burp suite we need to configure it with browser.


Configuring Burp Suite with Firefox Browser



 I use the Firefox Browser and recommended you to use the same because it has more hacking related extensions than any other browsers to make your life easier.

FoxyProxy is an extension you need to install now because of its switches Proxies in just one click.

Google it or visit here.


install it and click on the fox icon and go to options.
Add 

proxy - 127.0.0.1
Port - 8080



Configuring Burp Suite with Browser

save it and you will see that it's added on the menu of FoxyProxy.



Now let's open up the Burp suite. 


I am using Burp Suite Community Edition for this tutorial


use a temporary project 

use burp  default

 And Burp Suite Application will start up showing you all the options after configuring we will see them one by one.

For Testing Purpose we will be using DVWA you still don't know how to install it then click here.

login to DVWA then click on proxy we added using an icon of FoxyProxy.

Foxyproxy Configuring Burp Suite with Browser



This means your browser requests will be routed from the burp suite and we have total control over requests we are sending.
clicking on anything on DVWA.

And you will see your Burp suite will fire up with a proxy tab and request your browser sent.


Burp suite proxy setup
 


 we configured our Burp suite with HTTP connections successfully but with HTTPS site this will occur. 

Burp suite proxy setup on HTTPS

 Intercept SSL (HTTPS) Requests in Burp Suite


We need to download Certificates of Burp and add them to the browser.

Type http://burp in the URL bar and hit enter.


burp certificates

Click on CA Certificate and save the file.

Now Go to 

Preference > Privacy and Security > Scroll to Certificates > Click on view Certificates

Now click on import and select cacert.der 

burp certificates configure
 Tick on both checkboxes and click OK.

That's it now refresh page and burp suite will pop up with requests.


Burp suite configuration with HTTPS sites

After Forwarding the requests page will open up normally.


That's it, we configured burp suite Successfully now ready to head over to learn how to use it. 








Share:

Popular Posts