Burp Suite Configuration - Tutorial
Burp Suite
https://portswigger.net/burp
https://www.kali.org/tools/burpsuite/
https://tryhackme.com/room/burpsuitebasics
Download Burp Suite
Burp Suite is usually pre-installed on *nix distributions such as Kali Linux. Otherwise, download the JAR directly:
wget "https://portswigger.net/burp/releases/startdownload?product=community&version=2023.12.1.5&type=Jar" -O burpsuite.jar
Start Burp Suite
_JAVA_AWT_WM_NONREPARENTING=1 java -jar burpsuite.jar >/dev/null 2>&1 &
Alternatively, we can start it from the GUI.
Burp Suite Configuration
Firefox + Foxy Proxy Extension
We can route browser traffic to Burp Suite either by configuring the browser's proxy settings or by installing and configuring a browser extension:
Chromium
The following command configures Chromium for Burp: it uses a dedicated IP:Port, routes the traffic for PT web activities through the proxy, and ignores certificate errors:
chromium \
--user-data-dir=pt-activity \
--proxy-server=127.0.0.1:8080 \
--ignore-certificate-errors \
--proxy-bypass-list="<-loopback>" \
>/dev/null 2>&1 &
Add certificate to Chromium
Download the certificate by browsing to Burp's default page, localhost:8080, and clicking CA Certificate to download the cacert.der file, or export it directly from the Burp Suite app using the tab Tools -> Proxy -> Proxy Listeners -> Import/Export CA Certificate.

Then import it in Chromium's dedicated certificate settings section:
chrome://settings/certificates


Burp Suite Features
SiteMap
Site map shows the information that Burp collects as you explore your target application. It builds a hierarchical representation of the content from a number of sources. These include information from scans, and the URLs you discover as you browse the target manually. You can also see:
A list of the contents.
Full requests and responses for individual items.
Full information about any security issues that Burp discovers.
Intruder
Burp Intruder is a tool for automating customized attacks against web applications. It enables you to configure attacks that send the same HTTP request over and over again, inserting different payloads into predefined positions each time.
Decoder
Decoder enables you to transform data using common encoding and decoding formats. You can use Decoder to:
Manually decode data.
Automatically identify and decode recognizable encoding formats, such as URL-encoding.
Transform raw data into various encoded and hashed formats.
Decoder enables you to apply layers of transformations to the same data. This enables you to unpack or apply complex encoding schemes. For example, to generate modified data in the correct format for an attack, you could:
Apply URL-decoding, then HTML-decoding.
Edit the decoded data.
Reapply the HTML-encoding, then the URL-encoding.
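The layered decode and re-encode sequence above, as an added Python example that is not part of the original tutorial or of Burp Suite. The helper names `peel` and `rewrap` are hypothetical and the sample value is constructed; it is the kind of routine that helps when normalizing an encoded parameter value found in a log or proxy history.

```python
import html
import re
from urllib.parse import quote, unquote

# Added example: helper names and SAMPLE are illustrative, not Burp's own code.
# Each layer is (name, detector, decoder, encoder).
LAYERS = [
    ("url", lambda s: re.search(r"%[0-9A-Fa-f]{2}", s) is not None,
     unquote, lambda s: quote(s, safe="")),
    ("html", lambda s: re.search(r"&(#\d+|#[xX][0-9A-Fa-f]+|\w+);", s) is not None,
     html.unescape, lambda s: html.escape(s, quote=True)),
]

# Constructed sample: HTML-encoded text that was then URL-encoded.
SAMPLE = "%26lt%3Bb%26gt%3BTom%20%26amp%3B%20Jerry%26lt%3B%2Fb%26gt%3B"


def peel(value, max_depth=8):
    """Remove recognizable encoding layers until the value stops changing.

    Returns (plain_text, [layer names in the order they were removed]).
    max_depth bounds the work done on deeply nested input.
    """
    applied = []
    for _ in range(max_depth):
        for name, detect, decode, _encode in LAYERS:
            if detect(value):
                decoded = decode(value)
                if decoded != value:      # the layer really was present
                    value = decoded
                    applied.append(name)
                    break                 # re-scan from the outermost layer
        else:
            break                         # no layer changed the value: done
    return value, applied


def rewrap(value, applied):
    """Re-apply the removed layers in reverse order (innermost first).

    The result is canonical: input that used '+' for spaces or lowercase
    hex digits will not be reproduced byte for byte.
    """
    encoders = {name: encode for name, _det, _dec, encode in LAYERS}
    for name in reversed(applied):
        value = encoders[name](value)
    return value


if __name__ == "__main__":
    plain, layers = peel(SAMPLE)
    print(layers, plain, rewrap(plain, layers) == SAMPLE)
```

The recorded layer order is what makes the re-encoding step reliable: the last layer removed is the first one reapplied.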
Repeater
Burp Repeater is a tool that enables you to modify and send an interesting HTTP or WebSocket message over and over.
You can use Repeater for all kinds of purposes, for example to:
Send a request with varying parameter values to test for input-based vulnerabilities.
Send a series of HTTP requests in a specific sequence to test for vulnerabilities in multi-step processes, or vulnerabilities that rely on manipulating the connection state.
Manually verify issues reported by Burp Scanner.
Other References
Documentation
This documentation describes the functionality of all editions of Burp Suite and related components. Use the links below to get started: