Burp Suite for Web Application Security

Setting Up Burp

BurpSuite is another tool that comes bundled with Kali. It is a great tool for testing web application security. So, as always, I have set up my tools in a virtual environment. I am using a Kali VM and a Bee-Box, which is an Ubuntu web server built for us to test against 🙂 . You can download the Bee-Box VM from here. Make sure you are not testing BurpSuite against any internet website, unless you want to get into trouble 😉 Another application similar to Bee-Box is DVWA. The installation process for DVWA is described here.

Once done, in Kali, type the IP address of your Bee-Box into the browser.


Configuring browser to work with BurpSuite

The first thing that you need to do is to configure your browser to work along with Burp, which acts as a proxy.

Firefox sends the request to BurpSuite, and Burp then talks to the website. In this way, every packet goes through Burp, and this is where you can see the raw packet information, even if it is HTTPS. This information can be manually edited before it is forwarded to the website.

Below are the few steps needed to configure the Firefox browser to work with the proxy:

  1. Open the browser and click the settings menu on the right side of your browser. Click “Options”. In the “Network” tab, click “Settings”.
  2. In the new configuration window, select “Manual proxy configuration” and enter your own computer (localhost) as the proxy. Make sure to delete anything in the “No proxy for” box.


Setting up Burp as a Proxy

The Proxy tab in BurpSuite is used to intercept the traffic. For this, go to Proxy -> Intercept and turn the intercept ON. Note that while intercept is on, Burp holds the request and won’t forward it until it is turned off. This is where you can make changes, such as editing session cookies. To forward the request, turn the intercept off by clicking “Intercept is on”, or click “Forward”. If you wish to drop the packet, you can drop it by clicking “Drop”.
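To make the proxy mechanism concrete (the browser hands every request to the proxy, the proxy shows the raw bytes, an operator can edit them, and only then are they forwarded to the web server), here is a minimal plain-HTTP intercepting proxy written for this post. It is an added example, not Burp's code and not part of the original article; it does not do the TLS interception Burp performs for HTTPS, and the listener address 127.0.0.1:8080, the header names and the sample request bytes are assumptions for the demonstration. The parsing and header-editing helpers are separate functions so the "edit before forwarding" step can be exercised on its own.

```python
"""Minimal intercepting HTTP proxy, added example (not Burp's code).

A browser configured with a manual proxy sends its requests here instead of to
the web server.  The handler prints the raw request (what Burp's Intercept tab
shows), applies an edit hook, and forwards the result to the origin server.
Plain HTTP only: no TLS interception is attempted.
"""
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer
from urllib.parse import urlsplit
import http.client

# Assumed listener address for this example.
LISTEN = ("127.0.0.1", 8080)


def parse_raw_request(raw: bytes):
    """Split a raw HTTP/1.1 request into (method, target, version, headers, body).

    Header names are lower-cased for lookup; header order is not preserved.
    """
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    method, target, version = lines[0].decode("latin-1").split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.decode("latin-1").partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, target, version, headers, body


def to_origin_form(target: str):
    """Browsers talking to a manual proxy put the absolute URL in the request
    line (GET http://host/path HTTP/1.1).  Return (host, port, path) so the
    proxy can open its own connection to the origin and send only the path."""
    parts = urlsplit(target)
    path = parts.path or "/"
    if parts.query:
        path += "?" + parts.query
    return parts.hostname or "", parts.port or 80, path


def edit_headers(headers: dict, set_headers: dict = None, drop: tuple = ()):
    """The 'edit before forwarding' step: overwrite some headers (for example a
    session cookie) and remove others.  Returns a new dict; input is untouched."""
    dropped = {d.lower() for d in drop}
    out = {k: v for k, v in headers.items() if k not in dropped}
    for k, v in (set_headers or {}).items():
        out[k.lower()] = v
    return out


class InterceptingProxy(BaseHTTPRequestHandler):
    protocol_version = "HTTP/1.1"

    def _handle(self):
        length = int(self.headers.get("Content-Length", 0))
        body = self.rfile.read(length) if length else None
        host, port, path = to_origin_form(self.path)
        headers = {k.lower(): v for k, v in self.headers.items()}
        # Show the raw request the way an intercept tab would.
        print(f"--> {self.command} {self.path}")
        for k, v in headers.items():
            print(f"    {k}: {v}")
        # Hook where the request would be modified before forwarding.
        headers = edit_headers(headers, drop=("proxy-connection",))
        headers["connection"] = "close"
        conn = http.client.HTTPConnection(host, port, timeout=10)
        conn.request(self.command, path, body=body, headers=headers)
        resp = conn.getresponse()
        data = resp.read()
        conn.close()
        # Relay the response, dropping hop-by-hop headers we regenerate.
        self.send_response(resp.status, resp.reason)
        for k, v in resp.getheaders():
            if k.lower() not in ("transfer-encoding", "connection",
                                 "content-length", "date", "server"):
                self.send_header(k, v)
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)

    do_GET = do_POST = _handle


if __name__ == "__main__":
    print(f"listening on {LISTEN[0]}:{LISTEN[1]}")
    ThreadingHTTPServer(LISTEN, InterceptingProxy).serve_forever()
```

Point the browser at 127.0.0.1:8080 exactly as in the Firefox steps above and every plain-HTTP request to the Bee-Box will print on the proxy's console before it is forwarded; `edit_headers` is the place to change a cookie or strip a header, which is the manual edit Burp lets you make in its Intercept tab.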


Once done with the setup, let’s move forward and do more fun stuff with Burp. 🙂 Happy Learning!!
