
How to Setup Burp Suite for Bug Bounty or Web Application Penetration Testing?

Last Updated : 30 Sep, 2022

Burp Suite is a set of tools for penetration testing web applications. It ships as an all-in-one package and is well known for its usability. Setting Burp up for a web application penetration test is straightforward, but two things must be in place before it sees any useful traffic: the browser has to send its requests to Burp's proxy listener, and the browser has to trust the certificate authority Burp uses to intercept HTTPS.

Starting the Proxy Server:

  1. Go to the Proxy tab.
  2. Go to the Options tab (called "Proxy settings" in newer Burp versions).
  3. Under "Proxy Listeners", add or edit a listener bound to your loopback interface (127.0.0.1) on a free port such as 8080 (Burp creates this listener by default).
  4. Do not use a port that another application may already be using (such as 80 or 443), and do not bind the listener to all interfaces unless you really need to: a listener on 0.0.0.0 accepts connections from anyone on the network, not just from your browser.
  5. Configure your browser to use 127.0.0.1:8080 as its proxy for both HTTP and HTTPS.

Some browsers have their own proxy settings, some rely on the system proxy settings, and some offer both. Use a browser with its own proxy settings for testing, so that you can carry on browsing normally in another browser without changing anything. Once the listener is running and the browser is configured, the Intercept tab under the Proxy tab will show the first HTTP request (with "Intercept is on", the browser hangs until you click "Forward" or turn intercept off). From this point on, all traffic from the configured browser goes through Burp and is recorded in the HTTP history tab.
There is still a problem: at this point you cannot intercept HTTPS requests. Why? Because Burp intercepts HTTPS by terminating the TLS connection itself: for each host it generates a certificate on the fly, signed by its own certificate authority (the "PortSwigger CA"), and presents that certificate to the browser. The browser does not trust that CA, so it rejects the connection with a certificate warning. To make interception work, you need to install Burp's CA certificate as a trusted root in your browser. You can do this by:

1. Exporting Burp’s CA Certificate on Your Computer:

  1. Go to the Options tab of the Proxy tab.
  2. Click on the "Import/Export CA Certificate" button.
  3. Select "Certificate in DER Format" under the "Export" section.
  4. Click on "Next" and click on "Select File" in the next window.
  5. Choose the directory to export the certificate to; keep it somewhere easy to find rather than deep in the folder structure.
  6. The chosen directory appears in the "Look In" field of the file chooser.
  7. Give the certificate a name in "File Name" and use the extension .der.
  8. Click on "Next" and a success message should be shown.

A shortcut: with the browser already proxied through Burp, browse to http://burpsuite and click "CA Certificate" to download the same cacert.der file directly.

2. Adding the Root CA as Trusted CA in Your Browser:

A. For Mozilla Firefox:

  1. Go to Menu -> Options (called Settings in current Firefox versions).
  2. Go to the "Privacy and Security" page and scroll to the "Certificates" section.
  3. Click on "View Certificates", open the "Authorities" tab and click on "Import".
  4. Select the exported .der file.
  5. In the next window check "Trust this CA to identify websites" and click on "OK". The certificate then appears under "PortSwigger" in the Authorities list.

To avoid repeatedly changing the browser's proxy settings by hand, I'd recommend installing an extension that lets you switch proxies from the toolbar. The one I use is "FoxyProxy": define a profile pointing at 127.0.0.1:8080 and enable it only while testing.

B. For Chrome: Chrome does not have its own proxy settings, so it uses the system's proxy settings. You could point the system proxy at Burp, but that gets messy: every request and response on the machine, from your browser and from every other application that uses the network, would go through Burp regardless of your target, Burp's HTTP history would fill with noise, and those other applications would fail with TLS errors until they trust the Burp CA too. Chrome also reads trusted certificates from the operating system's store rather than its own, so the Burp CA would have to be imported there (on Linux, Chromium reads the NSS database in ~/.pki/nssdb). This is why a browser with its own proxy settings, like Firefox, is recommended. If you do want to use Chrome, launch a separate instance with the "--proxy-server=127.0.0.1:8080" flag and its own "--user-data-dir" so that only that instance is proxied, or use a proxy-switching extension (FoxyProxy exists for Chrome as well). Burp also ships its own preconfigured Chromium browser (Proxy -> Intercept -> "Open browser") that needs no proxy or certificate setup at all.
This sets you up to get started with web application pentesting using Burp Suite. Now test that everything works and that Burp Proxy intercepts every request-response pair. Browse to a website (an HTTPS one, so that the certificate setup is exercised too) and confirm that the requests to it appear in Burp's HTTP history tab, and in the Intercept tab when intercept is on, with no certificate warning in the browser.
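The same check done from the command line, as an added example that is not part of the original article. It assumes Burp's listener is on 127.0.0.1:8080 (override with the BURP_PROXY variable) and that you exported the CA as cacert.der; the target URL is a placeholder. It converts the DER file to PEM, which curl and most scripting libraries expect, prints the CA's fingerprint so you can compare it with the "PortSwigger CA" entry in your browser's certificate manager, and then sends an HTTPS request through Burp trusting only that CA. The same request without --cacert must fail with a certificate error: that is the failure the browser showed before the CA was imported, and it is the correct behaviour.

```shell
#!/usr/bin/env sh
# Added example, not part of the original article: verify a Burp proxy setup from
# the command line. Assumptions (edit to taste): Burp's listener is on
# 127.0.0.1:8080 and the CA was exported as cacert.der; the target URL is a
# placeholder.
set -eu

BURP_PROXY="${BURP_PROXY:-http://127.0.0.1:8080}"

# Convert the DER-encoded CA certificate Burp exports into PEM, the format that
# curl, Python's requests and most other tooling expect for --cacert / verify=.
der_to_pem() {
    openssl x509 -inform DER -in "$1" -out "$2"
}

# Print the SHA-256 fingerprint of a PEM certificate, so you can compare it with
# the "PortSwigger CA" entry in the browser's certificate manager and be sure you
# imported Burp's CA and not some other file lying around.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# Send an HTTPS request through Burp, trusting only the Burp CA. Returns 0 when
# the CONNECT through the proxy and the TLS handshake against Burp's on-the-fly
# certificate both succeed. Without --cacert (or with the wrong CA) curl refuses
# the connection, which is the same certificate error the browser shows before
# the CA is imported.
check_interception() {
    curl --silent --show-error --output /dev/null \
         --proxy "$BURP_PROXY" --cacert "$1" "${2:-https://example.com/}"
}

# Usage: sh burp-check.sh cacert.der [https://target/]
if [ "$#" -ge 1 ]; then
    der_to_pem "$1" burp-ca.pem
    echo "Burp CA SHA-256: $(cert_fingerprint burp-ca.pem)"
    if check_interception burp-ca.pem "${2:-https://example.com/}"; then
        echo "OK: request went through $BURP_PROXY and Burp's CA was trusted"
    else
        echo "FAIL: is the listener running, and is burp-ca.pem Burp's current CA?" >&2
        exit 1
    fi
fi
```

The burp-ca.pem file the script writes can be reused by any scripted tooling you point at Burp (for example as the verify= argument in Python's requests alongside a proxies= setting), so you never need to disable certificate verification to see your own scripts' traffic in Burp.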

Further Tweaking: There are a few more things about Burp Proxy you should know before getting started, as they save a lot of time by reducing unnecessary clutter in the HTTP history tab.

  • You can control which requests and responses the proxy stops for interception using the "Intercept Client Requests" and "Intercept Server Responses" rules in the options window of Burp Proxy. The default rules skip requests for static files by file extension (images, CSS, JavaScript); rules can also match on host, URL, whether the item is in the Target scope, and so on. Adding your target to the scope and enabling the "URL is in target scope" rule is the quickest way to stop unrelated traffic from interrupting you.
  • You can choose which requests and responses are shown in the HTTP history tab by applying filters directly, by clicking on the "Filter:" bar at the top of the tab (for example, show only in-scope items or only certain MIME types).
  • You can also add such rules while intercepting a single request or response, by clicking on the "Action" button in the "Intercept" tab (for example, "Don't intercept requests to this host").
