Portswigger Burp Install & Setup

Jess
4 min read · Jan 19, 2021

Install

When downloading Burp, there are the standard install files for all major operating systems and two other options.

  • Agent Update — applicable when updating single services of an Enterprise Edition.
  • JAR — Java package file. This is handy if you will be running Burp in the background on your desktop machine and want to limit the amount of memory Burp has access to. For example, starting Burp with 4 GB of memory:
    java -jar -Xmx4G /path/to/burp.jar
Professional Download

Start Up Wizard

Every time you start Burp you will go through the Start Up Wizard:

  • Temporary project — helpful for testing a portion of an application
  • New project on disk — creates a new project where our settings and progress will be saved
  • Open existing project — revisit a previously created project to continue where you left off
Burp Project Screen

Project files can get big quickly, often containing millions of records of HTTP requests and responses. So if you are going to be repeatedly testing the same applications it’s a good idea to create a “boilerplate” project file that you can copy and start from to save time.

It’s also handy to have project files so that you have the option to move to a bigger machine if required. Some of the automated scans can be processor/memory intensive and it is beneficial to move the project to a server (AWS, Linode, etc) and run the scan from there.

Next is the Config screen, where you select either the default or a custom configuration for this Burp instance to operate under.

Burp Configuration Screen

CA Certificate Install

Once Burp has started for the first time, we need to install Burp's CA Certificate in the browser so that we can view HTTPS traffic in Burp.

First, ensure that our Proxy is running by observing the “Running” checkbox under the Proxy/Options tab

Proxy/Options Tab

In the browser of your choice, visit the IP address noted in your Proxy Options Interface (127.0.0.1:8080)

Click on CA Certificate to download

Add the Certificate to your browser
As each browser is different, a quick search for “Installing Burp’s CA Certificate in {Browser}” will give you a tutorial, but here it is in Firefox on Windows:

Click on the hamburger stack -> Options -> Privacy & Security -> View Certs

Click Import

Select the cert file you downloaded previously.
Provide the highest level of trust to our imported cert

Click Ok to close out of the Certificate Manager
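
To confirm that the certificate you imported is the one this Burp instance serves, the following added example (not part of the original article) downloads it from the listener and prints its SHA-256 fingerprint, which you can compare with the fingerprint Firefox shows for the imported certificate in the Certificate Manager. It assumes the default listener 127.0.0.1:8080 and that the “CA Certificate” link on the listener's page resolves to /cert; the function names and the burp-ca.pem output file are illustrative.

```python
# Added example (not from the original article): fingerprint Burp's CA certificate.
import hashlib
import ipaddress
import ssl
import urllib.request

LISTENER = "127.0.0.1:8080"  # default listener shown on the Proxy/Options tab


def is_loopback(listener: str) -> bool:
    """True if a 'host:port' listener address is a loopback address."""
    host = listener.rsplit(":", 1)[0].strip("[]")
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # e.g. "*": reachable from other machines


def fetch_ca_der(listener: str = LISTENER, timeout: float = 5.0) -> bytes:
    """Download the CA certificate (DER) from the listener.

    Assumption: the "CA Certificate" link on the listener's page is /cert.
    """
    # Ignore system proxy settings; this request goes to the listener itself.
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    with opener.open(f"http://{listener}/cert", timeout=timeout) as resp:
        return resp.read()


def fingerprint(der: bytes) -> str:
    """SHA-256 fingerprint, colon-separated as browsers display it."""
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


if __name__ == "__main__":
    print("Listener is loopback-only:", is_loopback(LISTENER))
    try:
        der = fetch_ca_der()
    except OSError as exc:  # URLError subclasses OSError
        raise SystemExit(f"Burp listener not reachable on {LISTENER}: {exc}")
    print("Burp CA SHA-256:", fingerprint(der))
    with open("burp-ca.pem", "w") as fh:  # PEM copy for tools that need one
        fh.write(ssl.DER_cert_to_PEM_cert(der))
```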

Set up Browser Proxy

We route our browser traffic through Burp so that we can observe and manipulate all HTTP/HTTPS traffic.

All major browsers can route their traffic through a proxy host.

To find out how to do it with your specific browser, a simple search for “{Browser} set up proxy” will lead you to tutorials.

Here it is in Firefox:
Click on the hamburger stack -> Options -> General -> Under Network Settings, click Settings

Under Manual Proxy config, enter the Burp Proxy Interface IP & Port

Click Ok to Save
In the same browser, attempt to visit a website.
If Intercept is on under the proxy, you should see your request in Burp
