Burp

Installing Burp Suit 💻 #

❗Download Burp Suit Community edition from PortSwigger

Run installation and start Burp Suite.

Using Burp Suit 🔓 #

In the first dialog that appears we can only select Temporary project since this is the community edition. Click Next button to continue.

In the next dialog we Use Burp defaults and click Start Burp button.

In the top tabs move to Proxy tab and Intercept sub tab. Make sure Intercept is off.

Click on Open Browser to open the built in browser.

Enter your target in the URL bar.

Turn Interception on to catch requests.

Right click in the request and Send to Repeater if you want to repeat the requests. Send to Intruder to brute force requests with different payloads.

🔽🔽🔽🆘 __If you face issues using the integrated Burp browser, follow the below steps. __ 🆘 🔽🔽🔽

Otherwise - ⚡_hack_ fun!⚡

🌌Configure Proxy Settings - Firefox and Chrome🌌 - Skip this step if Burp’s preconfigured Chromium browser works without any issues. :) #

It is highly recommended to select Firefox if possible, but you can of course pick your own browser!

The following steps are a reiteration of Portswiggers complete guide please follow it, you can use the following as sanity checking. Reach out if you need help or get stuck!

📢 Burp Proxy listener 📢 #

Regardless of browser deviation from Burps, you will need to ensure that the proxy listener is active.

The listener acts as a simple local HTTP proxy server, listening for incoming connections from your desired browser. It allows you to monitor and intercept all HTTP reqeusts and responses which your browser either sends or recievs.

Please follow the Portswigger guide for proxy listener and make sure that its running.

Configure Chrome Proxy with 🐲 Windows 🐲 #

This section is if you would like to utilize Chrome with Windows instead of Burps integrated browser.

Follow the steps then proceed to the CA certificate step, as you currently can only process HTTP requests.

Installing or uninstalling Burp CA certificate for Chromium - Windows #

This step is to enable HTTPS traffic between your Burp application and Chromium.

Ensure Burp is running on your localhost then follow the Chrome for Windows guide

Don’t forget that you can also remove the certificate after completed training!

To remove the certificate from Windows:

Open Chrome and go to the Customize (hamburger) menu. > Select Settings and open the Privacy and security menu. > From the Security menu, select Manage certificates. > Select the certificate and click Remove. > Click Yes > Yes to confirm, and then click Close.

Configure 🦊 Firefox 🦊 with Windows #

This section is if you would like to utilize Firefox with Windows instead of Burps browser.

Follow the steps then proceed to the CA certificate step, as you currently can only process HTTP requests.

Installing or uninstalling Burp CA certificate for Firefox - Windows #

This step is to enable HTTPS traffic between your Burp application and Firefox.

Ensure Burp is running on your localhost then follow the guide

To remove the certificate from Firefox - Windows:

To remove Burp’s CA certificate from Firefox, go back to the View certificates > Authorities dialog and select PortSwigger CA. Then, click Delete or Distrust, click OK, and restart Firefox.

🦊FoxyProxy🦊 #

If you are utilizing Firefox, its a possibility but no necessity to use the FoxyProxy extension. It is a open-source proxy management tool for Firefox since 2006, which improves the proxy capabilities. Several benefits, but they are all for comfort such as proxy switch methods, customization/settings, and additional shortcuts, global exclusions and fancy logging.

Brief how-to guide: #

  1. Install FoxyProxy here
  2. Access FoxyProxy options in the top right of Firefox
  3. Create Burp Proxy configuration: Options > Add the following: Title: Fancy name of your Proxy IP: 127.0.0.1 Port: 8080 (if taken, use 8081 etc.) Then save configuration
  4. FoxyProxy settings > Select the proxy name > You can now intercept HTTP
  5. To enable HTTPS: Activate Proxy > http://burp/cert > download cacert-der
  6. Open Firefox > about:preferences > search for “certificates” > view certificates > import the CA certificate > Trust this CA to identify websites and email users
  7. You should now be able to browse TLS

Hack fun!🙈🙉🙊