foreword
Burp Suite is an integrated platform for attacking web applications. It contains many Burp tools. These different Burp tools work together to effectively share information and support attacks based on information in one tool for use by another tool.
It is mainly used for security penetration testing. It can intercept requests, Burp Spider crawlers, vulnerability scanning (paid), etc. similar to Fiddler and Postman, but it has more powerful functions than it. Next, start our installation tutorial.
First attach the link: . . . . If you have been unable to pass the review after adding the connection, let me know in the comment area! I send it to everyone!
Burp Suite installation
Burp Suite is written by the Java language, and the cross-platform nature of Java itself makes the learning and use of the software more convenient. Unlike other automated testing tools, Burp Suite requires you to manually configure some parameters and trigger some automated processes before it will start working.
So we need to install a JDK1.8 version before installing Burp
Click Next
Just remember your installation path, then click Next to complete the installation
After opening our environment variable
1. Select "This PC", right click and select "Properties".
2. Click "Advanced System Settings" on the left.
3. Then click "Environment Variables" under "Advanced".
Need to add these three environment variables
New environment variables JAVA_HOME and CLASSPATH
Variable name: JAVA_HOME
Variable value: C:\Program Files\Java\jdk1.8.0_201
Variable name: CLASSPATH
Variable value: .;%JAVA_HOME%\lib\dt.jar;%JAVA_HOME%\lib\tools.jar;
Select the environment variable with the variable name "Path" in "Environment Variables", double-click the variable, click New on the right, add these two lines of java path (the path is the path when you just installed it yourself) and create a new variable. As shown below
Variable name: Path
Variable value: %JAVA_HOME%\bin;%JAVA_HOME%\jre\bin;
After the addition is complete, click OK, open cmd and enter java
When these messages pop up, it means that your jdk has been successfully installed, and we will proceed to the next step
Download our Burp
Double-click to open burp-loader-keygen.jar
Here I want to remind you that double-clicking may not respond, if double-clicking does not respond. If the burp-loader-keygen.jar file cannot be opened, then we need to open it with java in cmd. Many bloggers have not mentioned this! At that time, I also stepped on the thunder here XD (if it cannot be opened here, there should be a problem with the environment variable configuration, you can go to see if the variable configuration is correct)
Enter cmd in the file path local field to open cmd in the current file, enter:
java -jar burp-loader-keygen.jar
The following window will pop up, just click the run on the right (if there is no response after clicking run, we can go back to the file list, click manually, and run Mint.vbs)
Click Manual activation in the pop-up window
Copy the code in the red box to the other side
Then copy the content that pops up on the left to the right, and click NEXT to complete
Then we started to use the BURP software, open BP, we can choose the default temporary file, click next
Click directly to enter
After opening the software, the first thing we should do is to debug the software and browser proxy, so that BURP can work normally and capture packets
Click to this location, the port set by my Burp Suite is 8080, it depends on each person’s settings, here I suggest that everyone set 8080, this does not have a big impact.
Then we open a browser at will (I take Firefox as an example)
Click Settings in the upper right corner
Pull down to the bottom of General here, and then you can see the network settings, click [x]
Choose to manually configure the proxy, and then set it up like me. The port should be consistent with the one on Burp
(Note that if the proxy is manually configured, but Burp is not turned on, the browser will not be able to access other websites! So it is recommended to configure the proxy when using BP, and do not set the proxy if you do not use BP)
After setting up, we use the browser to browse a website casually, and find that the data packet has been intercepted by our Burp, we can add, delete, modify and check functions on Burp (for example, I visit a Baidu)
At this location, we can view our data package. We can modify the packet and resend it.
Epilogue
Burp Suite has a lot of functions, it can scan, capture, brute force, replay and other functions, all of which need to be learned by yourself, if you master how to use it, it will definitely be even more powerful in your daily work!
And in future shooting range training, we will often use Burp Suite!
Since the csdn link has been unable to pass the review, students who need to leave a message can send me a tool kit.