How to get a Burpsuite
Method one:
First, let's introduce Burpsuite Community (community version) in Kali linux, to put it bluntly to serve the student party, it has less vulnerability scanning function than the professional version. (The advantage of Burpsuite interception under Kali in the virtual machine is that there is no need to install a certificate in the browser.)
If we want to listen and proxy interception of browser data, we must set the HTTP proxy and Burpsuite listening port
There are several ways to intercept agents:
- Burpsuite in kali intercepts the data in the browser of the physical machine:
then, our Burpsuite must set up all interfaces that listen to port 8080.
At the same time, set up an HTTP proxy in the browser of the physical machine, and the proxy is the IP of
kali , kali IP queryip acan be found by typing in the terminal .
When the browser on our physical machine proxies Kali's IP, Kali's browser is proxied, and it cannot access any pages at the same time.
After this is set, we can intercept the data packet through Kali's Burpsuite. After
we open the physical browser proxy, we can try to capture the packet and intercept it. Enter a URL query in the browser URL bar, the page cannot be loaded (Of course, the premise here is that the interception is turned on, otherwise, the page will not load and the package will not be captured), but then Burpsuite on Kali can capture the packet
- Kali Burpsuite intercepts the Kali browser data packets. Similarly, the browser must be set to the
Kali IP. At the same time, Burpsuite's monitoring can use all the previous 8080 interfaces, or add another Kali IP interface, and the port
can be unified to 8080. Enter the address in the URL field of the browser, and capture the package in Burpsuite
Method 2
After understanding the interception of Burpsuite under kali in the virtual machine, the interception of Burpsuite in the physical machine is easy to understand.
After downloading Burpsuite from the physical machine (generally all the software professional version requires money), we need to install the certificate in the browser.
Two sources of certificates:
one:
each Burpsuite comes with its own certificate, which requires us
to export it, named after cacert.der after next, choose the location you want to download
Second: download
from http: // burp URL , But there is a prerequisite for accessing this URL. At the same time, open the HTTP proxy, where the proxy is the physical machine IP or 127.0.0.1, port 8080; and open Burpsuite interception, and the listening address is added 127.0.0.1, port 8080, so as to access .
Note: The
certificate has a byte size, normally 1KB, if not, it means the download failed.
Install certificate
Open Firefox browser certificate management:
Options-> Privacy and Security-> View Certificate-> Certificate Manager-> Import-> Open the certificate folder to select the certificate
and then we have to trust
the certificate and display it when querying in the certificate authority Picture style, it means success.
After the certificate is installed, we can intercept all data packets.
Next, it is a principle to intercept the browser of the physical machine or the browser of the virtual machine on the physical machine. Whoever intercepts the browser, Burpsuite listens to the address to fill in the IP address of the machine, the port is 8080, the default is, HTTP The same is true for the proxy. The only special thing is that Burpsuie under kali in the virtual machine cannot directly monitor the IP address of the physical machine. You must transition through the IP of kali. In summary, the Burpsuite proxy interception in kali is as mentioned above,
and The Burpsuite agent interception in the physical machine is as follows:
- Monitor the physical machine browser:
The IP and port of the HTTP proxy are consistent with the physical machine IP, and the listening port and IP of Burpsuite are also consistent with them. - The
HTTP proxy IP and port of the browser monitoring in kali are consistent with the settings in Burpsuite, and are the same as the IP port settings of kali.
