Burp Suite is an integrated platform for performing security testing of web applications. Its various tools work seamlessly together to support the entire testing process, from initial mapping and analysis of an application’s attack surface, through to finding and exploiting security vulnerabilities.
Burp Suite allows you to combine manual and automated techniques to enumerate, analyses, scan, attack and exploit web applications. The various Burp tools work together effectively to share information and allow findings identified within one tool to form the basis of an attack using another.
BurpSuite allow us to forward all of the web traffic from your browser through BurpSuite so that you can see each HTTP Request and Response and manipulate it to your heart’s content. We will configure burp suite with firefox or Iceweasel in Kali Linux or Backtrack.
Let’s get started into the steps of configuring Burp Suite:
1. Open Firefox or Iceweasel and Click on Edit then Preference
2. Preference Window will be open Now go to Advance → Network → Setting
3. Select Manual Proxy then write localhost or 127.0.0.1 in HTTP Proxy area and port should be 8080. Use this proxy server for all protocols by checking the box. Clear the No Proxy field then Finally Click OK.
- If you are running burpsuite first time in your Kali Linux you will see this window Click on I Accept.
6. Burp Suit has been opened. Now Click on Proxy Tab then Click on Option Subtab and watch carefully local host interface running box should be check in Proxy Listeners.
- As we can see URL match type now at the top. Now select ‘File Extension’ and click on Edit.
- Click on Add – we are going to add a new rule.
- Select ‘File extension’ and keep Clicking UP button till ‘File extension’ reach at the 2nd top.
- We have organized it.
16. Click on Add Exception…
17. Click on View
- Click on Details Tab, Select PortSwigger CA then Click on Export.
- Choose Your Save location, (must remember the location where you are saving your certificate.) Click on Save.
- Open Your Browser Click on Edit then Click on Preferences.
- Click on Advance Tab then Click on Encryption Subtab and Click on View Certificates.
- Click on Authorities Tab then Click on Import.
23. Find the location where you saved your PortSwiggerCA. If you are unable to view saved file from the location, change your file type as ‘All File’. Select your PortSwiggerCA and Open It.
- A new window will appear, Check box ‘Trust this CA to identity websites’ then Click on OK.
- If you will scroll down your Certificates Name You will Notice your Added Certificate there. Click OK. Now, you should be able to navigate to any SSL site in burp without being prompted to trust the certificate.
26. Here we want to make is to disable Google Safebrowsing. Safebrowsing is enabled for a reason but it can cause unwanted traffic during tests so we will disable it. Go to Security Tab and uncheck two boxes ‘Block Reported Attack sites’ and ‘Block Reported web forgeries’ Click Close
That’s it 🙂