burp guide

  1. Install Burp Suite Community Edition from https://portswigger.net/burp/communitydownload;

  2. Configure your browser to use Burp as its proxy:

  • Chrome: The Chrome browser picks up the HTTP proxy settings configured on the host computer. If you are using Chrome, you can open your computer's built-in browser and follow the instructions for configuring that. If you aren't sure where the built-in proxy settings are, open Chrome, go to the Customize menu, select Settings, click "Show advanced settings", and click the "Change proxy settings ..." button. This opens the relevant configuration options for your host computer. On Mac, it opens the network configuration: tick the web proxy checkbox, enter 127.0.0.1 as the web proxy server and 8080 as the port, then click OK and Apply.

  • Firefox: Go to the Firefox menu, click Preferences, and at the bottom you have Network Proxy. Click Settings next to it. Select the "Manual proxy configuration" radio button. Enter your Burp Proxy listener address in the "HTTP proxy" field (by default, 127.0.0.1). Enter your Burp Proxy listener port in the "Port" field (by default, 8080). Make sure the "Use this proxy server for all protocols" box is checked. Delete anything that appears in the "No proxy for" field. Then click "OK" to close all of the options dialogs.

  3. Open Burp Suite, choose "Temporary project" and click Next. Choose "Use Burp defaults" and click "Start Burp";

  4. Once you have Burp running, go to the Proxy > Intercept tab and ensure that interception is turned on (if the button says "Intercept is off", click it to toggle the interception status). Then go to your browser and visit any URL.

  5. Now you are ready to use Burp. Any outgoing request will be visible in the Proxy tab under Intercept, where you can change it and forward the changed request to the target server.
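
When the browser shows a proxy error or a page that never loads, the script below tells the three likely states apart: listener not running, request held by interception, or request forwarded. It is an added example, not part of the original guide; it assumes the default listener 127.0.0.1:8080, and `check_proxy` and the `example.com` target are illustrative names.

```python
import socket

# Burp's default proxy listener, the same address entered in the browser settings.
LISTENER = ("127.0.0.1", 8080)

def check_proxy(target_host="example.com", listener=LISTENER, timeout=3.0):
    """Send one proxied GET and classify the result.

    Returns "down", "held", "closed" or "forwarded:<status line>".
    check_proxy and example.com are illustrative names, not from the guide.
    """
    try:
        sock = socket.create_connection(listener, timeout=timeout)
    except OSError:
        # Connection refused or timed out: Burp is not running or the port differs.
        return "down"
    with sock:
        # Proxies expect the absolute-form request line (full URL, not just a path).
        request = (
            f"GET http://{target_host}/ HTTP/1.1\r\n"
            f"Host: {target_host}\r\n"
            "Connection: close\r\n\r\n"
        )
        sock.sendall(request.encode("ascii"))
        try:
            data = sock.recv(4096)
        except socket.timeout:
            # No reply within the timeout: consistent with Intercept being on and
            # the request waiting in Proxy > Intercept until it is forwarded.
            return "held"
        except OSError:
            return "closed"
        if not data:
            return "closed"
        status_line = data.split(b"\r\n", 1)[0].decode("latin-1")
        return "forwarded:" + status_line

if __name__ == "__main__":
    print(check_proxy())
```

A result of "held" is the expected outcome while interception is on; forward the request in Burp and the next run with interception off should report a status line.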

Additional useful links: https://portswigger.net/burp/help/suite_gettingstarted
