Home Security How to Download and Setup Burp Suite Web Proxy

How to Download and Setup Burp Suite Web Proxy

1
134
How to Download and Setup Burp Suite Web Proxy

Burp Suite Installation

Before we attempt to either install or run the Burp Suite, we need to ensure that Java is installed on the system. It is an essential prerequisite to run Burp Suite. On a Windows system, you can simply open up the command prompt and type command “java –version” to check if Java is installed:

If you don’t have Java installed on your system, you can download and install Java from here.

Once we are sure that Java is installed on our system, we can now proceed with Burp Suite. We first need to download the Burp Suite from here.

You’ll notice there are several forms in which you can download the Burp Suite. There are individual installers for Linux, Mac OSX, and Windows. There’s also an option to download a JAR file, which can be used directly to launch Burp Suite without installing.

Downloading the JAR file is the easiest way to get started. If you choose to download the installer, it is just like any other software installer and installs the Burp Suite in a few clicks. However, Java is required to be installed in both cases. Once the JAR file is downloaded, you can simply double-click it to launch the Burp Suite.

Also Read: Introduction to Burp Suite

At times, while running large projects, it might happen that Burp Suite runs out of memory. To solve this problem, it is possible to launch Burp Suite by allocating a fixed amount of memory at startup. This will ensure that it doesn’t run out of memory once launched. This can be done using command “java -jar -Xmx2G /path/to/burp.jar” where 2G indicates 2GB of memory. This step is completely optional. We can skip it and directly execute the JAR file to launch Burp Suite with the default configuration.

If all prerequisites are met correctly, we get a startup screen.

Configuring the Browser

Now that we have Burp Suite up and running, we need to configure our browser to work along with it. First let’s consider a normal scenario without Burp Suite.

Referring to the image above, at a very high level and in simple terms, the following sequence of events happens:

  1. The end user opens up any browser of choice.
  2. The user then enters the URL of website he/she wishes to browse.
  3. The browser processes the URL of the website and renders the website for the user (a series of request and response happens in the background).

Now let’s consider another scenario wherein we have configured Burp Suite with the browser.

Referring to the image above, at a very high level and in simple terms,

the following sequence of events happens:

  1. The end user opens up any browser of choice.
  2. The user then enters the URL of the website he/she wishes to browse.
  3. The browser redirects the request to Burp Suite, which then forwards the request to the target website.
  4. The target website responds to the request and sends a response back to Burp Suite, which then passes on the response to be rendered in the browser.

So in this scenario, Burp Suite is acting as ‘Man-in-the-Middle’ between the browser and the target website. Burp Suite is able to intercept and tamper all the traffic passing through it.

We’ll also be covering how we can configure the most popular browsers to work with Burp Suite.