What is Burp Suite
Burp Suite, a framework of web application pentesting tools, is widely regarded as the de facto tool to use when performing web app testing. Burp Suite acts as a proxy between your browser and the internet, which allows the Burp Suite application to read and forward HTTPS traffic.
The suite can run under Windows and Linux.
Install: https://portswigger.net/burp/communitydownload
Burp Suite requires Java JRE in order to run. Download and install Java here:
https://www.java.com/en/download/
After installation, we need to do some configuration.
CA Certificate
Start Burp Suite. Accept all defaults.
Start Firefox.
Let’s add an extension to our web browser that allows us to easily route our traffic through Burp. We use FoxyProxy Standard: https://addons.mozilla.org/en-US/firefox/addon/foxyproxy-standard/
Next, click on FoxyProxy among your extensions.
After that, click on ‘Options’.
After that, click ‘Add’ in the top left.
Enter in the following settings and then click ‘Save’
Finally, click on the FoxyProxy extension icon again and select ‘Burp’.
Go to http://localhost:8080
Click on CA Certificate
Save the certificate
Now that we’ve downloaded the CA Certificate, move over to the settings menu in Firefox. Search for ‘Certificates’ in the search bar.
Click on ‘View Certificates’
Next, in the Authorities tab click on ‘Import’
Select ‘Trust this CA to identify websites’ and ‘Trust this CA to identify email users’.
Select ‘OK’ once you’ve done this. Congrats, we’ve now installed the Burp Suite CA certificate.
Only send data to Burp when you need it. Otherwise, turn it off.
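Before trusting the saved file in the ‘Import’ step, you can confirm that it is byte-for-byte the certificate your own Burp instance serves, and note its SHA-256 fingerprint to compare with the one Firefox shows for the imported authority. This is an added example, not part of the original page; the listener address 127.0.0.1:8080, the /cert path and the file name cacert.der are assumptions.

```python
import hashlib
import ssl
import sys
import urllib.request

# Assumption: Burp's proxy listener is on 127.0.0.1:8080 and serves its CA
# certificate at /cert (the target of the "CA Certificate" link).
BURP_CERT_URL = "http://127.0.0.1:8080/cert"


def to_der(cert_bytes: bytes) -> bytes:
    """Return DER bytes whether the input file was PEM or DER encoded."""
    stripped = cert_bytes.strip()
    if stripped.startswith(b"-----BEGIN CERTIFICATE-----"):
        return ssl.PEM_cert_to_DER_cert(stripped.decode("ascii"))
    # A DER certificate is an ASN.1 SEQUENCE, so it must start with 0x30.
    # Anything else (for example an HTML error page) is rejected.
    if not cert_bytes.startswith(b"\x30"):
        raise ValueError("not a PEM or DER certificate")
    return cert_bytes


def sha256_fingerprint(cert_bytes: bytes) -> str:
    """SHA-256 over the DER encoding, as colon-separated upper-case hex."""
    digest = hashlib.sha256(to_der(cert_bytes)).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def same_certificate(saved: bytes, served: bytes) -> bool:
    """True if the saved file and the certificate Burp serves are identical."""
    return to_der(saved) == to_der(served)


if __name__ == "__main__":
    # Usage: python check_burp_ca.py cacert.der   (file name is an example)
    with open(sys.argv[1], "rb") as fh:
        saved = fh.read()
    # Ignore any system proxy settings so the request goes straight to Burp.
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    served = opener.open(BURP_CERT_URL, timeout=5).read()
    print("saved :", sha256_fingerprint(saved))
    print("served:", sha256_fingerprint(served))
    sys.exit(0 if same_certificate(saved, served) else 1)
```

A non-zero exit status means the file on disk is not the certificate the local listener is currently serving, so it should not be imported as a trusted authority.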