Let’s read some Cybersecurity Blogs…
Today we will learn how to install Burp Suite Community Edition and set up everything required for testing.
“PortSwigger is a global leader in cybersecurity. They created Burp Suite, the leading toolkit for web application security testing.”
The Community Edition of Burp Suite is free of cost. Burp Suite is mainly used to intercept requests and responses, and it can do much more, such as encoding and decoding, sequencing, brute-forcing, etc.
Let’s start the installation process. The first thing is to download Burp Suite from the official PortSwigger website.
Once you have clicked the Download button, you will be asked which OS (operating system) you want to download for. Select it and simply hit Download.
When the download is done, you will have a “.sh” file if you are using Linux and a “.exe” file if you are using Windows. On Windows, you simply click the .exe file and the installation will start, but on Linux the .sh file is run through the terminal:
./burpsuite_community_linux_v2021_6_2.sh
After you run this, the Burp Suite installer will start and ask for some configuration, which we need to complete as part of the installation process.
Here the setup begins and we need to click on Next.
Here we need to give the location where the files will be installed, like Program Files. The given location is the default and I have not changed it; you can change it or keep the default, it’s up to you…
Now Burp Suite will start extracting the files it needs to run properly on our system. It will take a few seconds to install, and after that you can run Burp Suite.
Run Burp Suite and you will see its interface.
Accept the license and move forward.
Now here come some Professional things: if you are working on a project and need to keep all the data and logs of the work you have done, you can use this to create a separate project and reopen it any time you need, with the same logs and details you have already fetched.
By the way, many Bug hunters do not maintain this and it’s up to you.
And now you can run or start Burp.
This is what the Burp Suite interface looks like, and now it’s time to set up the “Proxy” for intercepting requests.
- Manually enable the proxy in settings
- Use a proxy extension for a faster process (recommended)
I always use the proxy extension “Foxy Proxy” and I recommend you use it too, because there is no need to go to settings every time to enable the proxy. With Foxy Proxy it is enabled with just one click.
Add this to your browser, and after that we need to configure some stuff.
Go to Options, and there we need to enter the localhost address and port:
127.0.0.1 : 8080
Once you have done this in Proxy details, go to General and give it a name such as Burp (as per your choice).
Right now Burp Suite will only intercept “http” requests and not “https”; we need to install the Burp Suite certificate to intercept “https” requests. For that, enable your proxy by clicking on Foxy Proxy and selecting Burp, and keep Burp Suite open. Now browse to:
http://burpsuite
This will download a certificate named “cacert.der”. After that, you need to import it into your browser.
Open Browser -> Settings -> Certificate -> Import
Once you have imported the certificate, you can intercept https websites. I turned intercept on and browsed to “http://vulndetox.com”, and Burp Suite captured the request.
But don’t forget to turn the proxy off when you are not using Burp Suite, otherwise it will give an error.
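A quick check for the proxy and certificate steps above, as an added example that is not part of the original post: it tests whether anything is listening on 127.0.0.1:8080 before you switch the proxy profile on, and prints the SHA-256 fingerprint of the downloaded cacert.der so you can compare it with the entry your browser shows after import. The function names and the script name are hypothetical.

```python
import hashlib
import socket
import ssl
import sys

# Listener address entered in the Foxy Proxy step above.
BURP_HOST, BURP_PORT = "127.0.0.1", 8080


def proxy_listening(host=BURP_HOST, port=BURP_PORT, timeout=1.0):
    """Return True if something accepts TCP connections on the proxy address."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        # Refused or timed out: a browser pointed at this proxy would show an error.
        return False


def describe_ca(der_bytes):
    """Return (SHA-256 fingerprint, PEM text) for a DER-encoded certificate."""
    # A DER certificate always begins with the ASN.1 SEQUENCE tag 0x30.
    if not der_bytes or der_bytes[0] != 0x30:
        raise ValueError("not a DER-encoded certificate")
    digest = hashlib.sha256(der_bytes).hexdigest().upper()
    fingerprint = ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))
    return fingerprint, ssl.DER_cert_to_PEM_cert(der_bytes)


if __name__ == "__main__":
    # Usage (script name is hypothetical): python burp_check.py cacert.der
    if proxy_listening():
        print(f"listener up on {BURP_HOST}:{BURP_PORT}, the proxy profile can be enabled")
    else:
        print(f"nothing on {BURP_HOST}:{BURP_PORT}: start Burp or switch the proxy off")
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            fp, pem = describe_ca(fh.read())
        print("SHA-256 fingerprint:", fp)
        # Some tools and certificate stores expect PEM rather than DER.
        with open(sys.argv[1] + ".pem", "w") as out:
            out.write(pem)
```

Because the imported certificate makes the browser trust whatever Burp signs, keeping it in a separate browser profile used only for testing limits where that trust applies.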
It’s over for today, and time to say GOODBYE for now.