OWASP Top 10 training for Burp Suite

April 22, 2021 by thehackerish

Hello and welcome back to this OWASP Top 10 training series. In this blog post, you will set up Burp Suite. Then, you will configure it to capture HTTP traffic from your browser.

By the end of this blog post, you will have everything ready to start practicing all the OWASP Top Ten vulnerabilities. If you would like to set up OWASP ZAP (Zaproxy) instead, I prepared a step-by-step guide to do it here. My suggestion is to set up both OWASP ZAP and Burp Suite and get comfortable working with them. They are the two best tools to have under your ethical hacking belt.

OWASP Top 10 training setup steps for Burp Suite

Burp Suite is a collection of web application security testing tools developed by PortSwigger Web Security. If this doesn't ring a bell with you, follow @albinowax on Twitter and google "PortSwigger Academy", you will thank me later 😉

Burp Suite is a great piece of software which lets you perform the same tasks as OWASP ZAP does. It comes in three editions: Community (free), Professional and Enterprise. The Professional edition includes the Burp Scanner, which is for automated(ish) testing. The Enterprise edition is meant for enterprise environments where you need to continuously scan your assets.

For now, all you have to know is that the free Community Edition is more than enough for the purpose of this training.

Setup Burp Suite Community Edition

  1. As we did with OWASP ZAP, go to the download page and download Burp Suite Community Edition. This is the free version.
  2. Follow the setup instructions by clicking the Next button.
  3. When the installation is done, click on the Finish button.
  4. When you open Burp Suite, the only available option is a temporary project (the Community Edition cannot save projects to disk), which is fine for our case. Click Next. Then click "Start Burp".

Configure Burp Proxy settings

  1. In the top left you can see tabs. Click on the one named "Proxy", then on the "Options" sub-tab. (Screenshot: OWASP Top 10 training: Burp Suite proxy settings)
  2. In "Proxy Listeners", change the port to 8087, or any other port that does not collide with a service already running on your machine. Remember that if OWASP ZAP from the previous episode is still running, you obviously cannot reuse its port in Burp Suite. Leave the bind address on 127.0.0.1 (loopback only): a listener bound to all interfaces would let any other host on your network route its traffic through your proxy.
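Before you trust a listener port, it is worth checking two things from the command line: whether the port you picked is already taken (for example by OWASP ZAP from the previous episode) and whether the Burp listener ended up bound to loopback only. The following helper is an added example, not code from the blog post or from Burp Suite. It parses the output of `ss -tlnp` (Linux), so the audit can run on a constructed sample embedded below or, when invoked as a script, on the live socket table of your machine; the function and field names are my own.

```python
"""Sanity-check a local intercepting-proxy listener from `ss -tlnp` output.

Hypothetical helper (not part of the blog post or of Burp Suite). It answers
the two questions the listener step raises: is the port I picked already taken,
and is the proxy listener bound to loopback only, so that nobody else on the
LAN can route traffic through it.
"""
import re
import subprocess
import sys
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample of `ss -tlnp` output (not captured from a real host):
# ZAP on loopback 8080, a Burp listener mistakenly bound to all interfaces
# on 8087, and sshd on 22 over IPv4 and IPv6.
SAMPLE_SS_OUTPUT = """\
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port  Process
LISTEN  0       50      127.0.0.1:8080       0.0.0.0:*          users:(("java",pid=1234,fd=12))
LISTEN  0       50      *:8087               *:*                users:(("java",pid=2345,fd=30))
LISTEN  0       128     0.0.0.0:22           0.0.0.0:*          users:(("sshd",pid=900,fd=3))
LISTEN  0       128     [::]:22              [::]:*             users:(("sshd",pid=900,fd=4))
"""

LOOPBACK_ADDRS = {"127.0.0.1", "[::1]", "::1"}


@dataclass(frozen=True)
class Listener:
    address: str            # bind address exactly as ss prints it
    port: int
    process: Optional[str]  # None when ss could not read the owning process

    @property
    def is_loopback(self) -> bool:
        return self.address in LOOPBACK_ADDRS


def parse_listeners(ss_output: str) -> List[Listener]:
    """Turn `ss -tlnp` text into Listener records; the header line is skipped."""
    listeners = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue
        # rpartition keeps IPv6 forms such as "[::]:22" and "*:8087" intact.
        addr, _, port = fields[3].rpartition(":")
        owner = re.search(r'users:\(\("([^"]+)"', line)
        listeners.append(Listener(addr, int(port), owner.group(1) if owner else None))
    return listeners


def port_in_use(listeners: List[Listener], port: int) -> List[Listener]:
    """Every listener already on `port`, whatever its bind address."""
    return [l for l in listeners if l.port == port]


def exposed_proxies(listeners: List[Listener], proxy_ports) -> List[Listener]:
    """Proxy listeners reachable from other hosts, i.e. not bound to loopback."""
    wanted = set(proxy_ports)
    return [l for l in listeners if l.port in wanted and not l.is_loopback]


def audit_listener(ss_output: str, port: int) -> dict:
    """Report who owns `port` and whether that listener is reachable from the LAN."""
    owners = port_in_use(parse_listeners(ss_output), port)
    return {
        "port": port,
        "in_use": bool(owners),
        "owners": sorted({l.process or "?" for l in owners}),
        "exposed": any(not l.is_loopback for l in owners),
    }


if __name__ == "__main__":
    # Live mode: python3 check_listener.py 8087  (requires `ss` from iproute2)
    port = int(sys.argv[1]) if len(sys.argv) > 1 else 8087
    live = subprocess.run(["ss", "-tlnp"], capture_output=True, text=True, check=True)
    report = audit_listener(live.stdout, port)
    if not report["in_use"]:
        print(f"port {port} is free; nothing is listening yet")
    elif report["exposed"]:
        print(f"WARNING: {report['owners']} listen on {port} on a non-loopback address")
    else:
        print(f"OK: {report['owners']} listen on 127.0.0.1:{port} only")
```

Run it once before starting Burp to confirm the port is free, and once after to confirm the listener it reports is owned by `java` on 127.0.0.1 only. On the constructed sample the script flags port 8087 as exposed because the listener is bound to `*`, which is exactly the misconfiguration to avoid.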

Configure the web browser

  1. To configure the FoxyProxy add-on, follow the same steps as we did for OWASP ZAP and create a new proxy entry pointing at 127.0.0.1 and port 8087. Give it a meaningful name, like "Burp".
  2. Now we are going to import the Burp CA certificate. Make sure Burp is the proxy selected in FoxyProxy, then browse to http://burp.
  3. Click on "CA Certificate" in the top right corner of the web page.
  4. Follow the same steps as we did in the OWASP ZAP setup part to import the downloaded certificate into Firefox. Burp generates a unique CA on first run; import it only into the browser profile you use for testing, since any TLS connection made from that profile will now trust certificates signed by it.

Testing HTTP traffic with Burp Suite

  1. Go to the Proxy tab, then the Intercept sub-tab.
  2. Click "Intercept is on" to turn interception off, then click on the "HTTP history" sub-tab. (Screenshot: OWASP Top 10 training: Burp Suite HTTP history)
  3. Browse to any web page in Firefox; you should see the HTTP traffic appear in Burp Suite's HTTP history. If nothing shows up, check that FoxyProxy is pointing at the Burp listener and that the port matches the one you configured.

Congratulations! You’ve made another step forward towards practicing OWASP Top 10 vulnerabilities! In the next episodes, we will set up and configure our vulnerable web applications.

That’s it for today! I hope you enjoyed reading this blog post. Stay tuned for the next one. If you’d like to be notified when there is news on thehackerish.com, please subscribe to the Newsletter below. Until then, stay curious, crave for learning, be ethical and share with the world!

Find the video here
