Burp Suite Setup Guide

Aug 16, 2025

Overview

This lecture explains how to install, configure, and use Burp Suite Community Edition for basic web application testing, with a focus on proxy setup and core tool features.

Introduction to Burp Suite

  • Burp Suite is a suite of web application testing tools that intercept, inspect, and modify web traffic.
  • The Community (free) edition is suitable for beginners and provides many useful features.
  • Burp Suite works as a proxy: the browser must be pointed at Burp's proxy listener so that Burp can intercept and modify the browser's requests.

Installation and Setup

  • Download Burp Suite Community Edition from PortSwigger's website and choose the correct installer for your operating system.
  • Burp re-signs intercepted HTTPS connections with its own CA, so install Burp's CA certificate in your browser to avoid TLS warnings; follow browser-specific guides for this step.

Configuring the Proxy

  • Rather than changing browser network settings manually, install a proxy browser plugin like FoxyProxy for easy toggling.
  • In FoxyProxy, create a new profile named "Burp Suite" with IP 127.0.0.1 and port 8080.
  • Enable the Burp Suite proxy profile only while testing; turn it off when not in use.

Testing the Configuration

  • With Burp Suite running and FoxyProxy enabled, browser requests are routed through Burp.
  • The Proxy tab in Burp should light up when intercepting requests.
  • Click "Intercept is On" to turn intercepting off and allow pages to load fully; while intercept is on, each request is held in Burp until you forward it, so pages appear to hang.
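The three checks above (Burp running, the browser's traffic routed to 127.0.0.1:8080, pages loading once intercept is off) can be scripted. The following is an added example, not code from the lecture or from PortSwigger: it confirms that something is listening on the proxy address the FoxyProxy profile points at and that a request sent through that address is actually relayed. It assumes the default listener address and port from the page, and uses a plain http:// URL for the check so the CA certificate step is not needed for the check itself. The stand-in listener at the bottom is constructed for self-testing only and is not Burp.

```python
"""Pre-flight check for the Burp proxy setup described above.

Added example, not part of the original lecture and not PortSwigger code.
Assumes Burp's proxy listener is at its default 127.0.0.1:8080 (the address
used in the FoxyProxy profile on the page) and that the URL used for the
check is plain http://, so Burp's CA certificate is not needed here.
"""
import http.server
import socket
import threading
import urllib.error
import urllib.request
from typing import List, Optional, Tuple

BURP_HOST = "127.0.0.1"
BURP_PORT = 8080  # default listener address and port used in the lecture


def listener_reachable(host: str, port: int, timeout: float = 1.0) -> bool:
    """True if something accepts TCP connections on host:port (Burp's listener, if it is running)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def build_proxied_opener(host: str, port: int) -> urllib.request.OpenerDirector:
    """Route http and https requests through host:port, as the FoxyProxy profile does for the browser."""
    proxy = "http://%s:%d" % (host, port)
    return urllib.request.build_opener(urllib.request.ProxyHandler({"http": proxy, "https": proxy}))


def fetch_via_proxy(url: str, host: str, port: int, timeout: float = 5.0) -> Optional[int]:
    """Send one GET through the proxy; return the HTTP status, or None if the proxy could not be used."""
    opener = build_proxied_opener(host, port)
    try:
        with opener.open(url, timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as exc:
        return exc.code  # an error status still shows the proxy relayed the request
    except (urllib.error.URLError, OSError):
        return None


class _StandInHandler(http.server.BaseHTTPRequestHandler):
    """Constructed stand-in for a proxy listener, used only to self-check this script.

    It records the request target (a forward proxy receives the absolute URL) and answers 200.
    """
    targets: List[str] = []

    def do_GET(self) -> None:
        _StandInHandler.targets.append(self.path)
        self.send_response(200)
        self.send_header("Content-Length", "0")
        self.end_headers()

    def log_message(self, format: str, *args) -> None:
        pass  # keep the check quiet


def start_stand_in_listener() -> Tuple[http.server.HTTPServer, int]:
    """Start the stand-in on an ephemeral loopback port; returns the server and its port."""
    server = http.server.HTTPServer(("127.0.0.1", 0), _StandInHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, server.server_address[1]


def seen_targets() -> List[str]:
    """Request targets the stand-in listener has received so far."""
    return list(_StandInHandler.targets)


def stop_stand_in_listener(server: http.server.HTTPServer) -> None:
    server.shutdown()
    server.server_close()


if __name__ == "__main__":
    if listener_reachable(BURP_HOST, BURP_PORT):
        print("Burp listener reachable on %s:%d" % (BURP_HOST, BURP_PORT))
        # example.com is a neutral check target; it should show up in Burp's Proxy history
        print("status via proxy:", fetch_via_proxy("http://example.com/", BURP_HOST, BURP_PORT))
    else:
        print("Nothing is listening on %s:%d; start Burp and check its proxy listener settings" % (BURP_HOST, BURP_PORT))
```

Run it with Burp open and intercept off: a status code confirms the request went through the listener, and the same request should appear in Burp's Proxy history. A `None` result with the listener reachable usually means intercept is still on and the request was held until the timeout.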

Using Burp Suite Tools

  • Right-click requests to send them to different Burp Suite tools for testing.
  • Target Tab: Displays all collected traffic and allows setting the scope (which domains to include/exclude).
  • Proxy Tab: Shows browsing history and lets you intercept requests.
  • Spider Tab: Crawls websites to discover URLs; best used with scope set.
  • Scanner Tab: Only available in the paid version for automated vulnerability scanning.
  • Intruder Tab: Performs automated attacks (e.g., brute force, fuzzing) but is slow in the free version.
  • Repeater Tab: Allows manual modification and resending of HTTP requests for testing different payloads or methods.

Key Terms & Definitions

  • Proxy — An intermediary server through which requests are sent so that they can be inspected or modified on the way.
  • CA Certificate — Burp's root certificate; trusting it in the browser establishes trust for the certificates Burp generates when intercepting SSL/TLS traffic.
  • Scope — The set of domains or URLs that Burp Suite is configured to test or monitor.
  • Intruder — A tool that automates sending a request repeatedly with varying payloads inserted at chosen positions.
  • Repeater — A tool for manual testing by modifying and resending individual HTTP requests.
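The Target tab's include/exclude scope and the Scope definition above decide which captured URLs the other tools may act on. The following is an added example, not code from the lecture or from Burp: it models scope as URL prefix rules (a simplified version of Burp's prefix-based include/exclude lists, which is an assumption about Burp's matching) and applies them to a constructed proxy history. The hosts, paths and the rule that keeps the logout URL out of scope are all constructed for the example.

```python
"""Scope matching for captured proxy traffic.

Added example, not part of the original lecture and not Burp's own code.
It models the Target tab's scope as URL prefix rules (an assumption: a
simplified version of Burp's prefix-based include/exclude lists) and
applies them to a constructed proxy history.
"""
from dataclasses import dataclass
from typing import Iterable, List
from urllib.parse import urlsplit


@dataclass(frozen=True)
class ScopeRule:
    """One include/exclude entry: a host (optionally '*.' for a domain and its subdomains) and a path prefix."""
    host: str
    path_prefix: str = "/"

    @classmethod
    def from_url(cls, url: str) -> "ScopeRule":
        """Build a rule from a URL copied out of the proxy history."""
        parts = urlsplit(url)
        return cls(parts.hostname or "", parts.path or "/")

    def _host_matches(self, host: str) -> bool:
        rule_host = self.host.lower()
        if rule_host.startswith("*."):
            base = rule_host[2:]
            return host == base or host.endswith("." + base)
        return host == rule_host

    def _path_matches(self, path: str) -> bool:
        prefix = self.path_prefix.rstrip("/") or "/"
        if prefix == "/":
            return True
        # Match on a path-segment boundary so "/api" does not also cover "/apidocs".
        return path == prefix or path.startswith(prefix + "/")

    def matches(self, url: str) -> bool:
        parts = urlsplit(url)
        return self._host_matches((parts.hostname or "").lower()) and self._path_matches(parts.path or "/")


class Scope:
    """Exclude rules win over include rules, so one exclusion can carve a hole out of a broad include."""

    def __init__(self, include: Iterable[ScopeRule], exclude: Iterable[ScopeRule] = ()) -> None:
        self.include = list(include)
        self.exclude = list(exclude)

    def contains(self, url: str) -> bool:
        if any(rule.matches(url) for rule in self.exclude):
            return False
        return any(rule.matches(url) for rule in self.include)

    def filter_history(self, urls: Iterable[str]) -> List[str]:
        """The subset of captured URLs a scoped crawl would be allowed to visit."""
        return [url for url in urls if self.contains(url)]


# Constructed sample of what the Proxy tab's history might contain (not real traffic).
PROXY_HISTORY = [
    "https://shop.example.test/",
    "https://shop.example.test/api/cart",
    "https://shop.example.test/apidocs/index.html",
    "https://static.example.test/js/app.js",
    "https://admin.shop.example.test/login",
    "https://cdn.thirdparty.test/lib.js",
    "https://shop.example.test/logout",
]


def build_default_scope() -> Scope:
    """Include the whole example.test domain; keep third-party hosts, static assets and the logout URL out."""
    return Scope(
        include=[ScopeRule("*.example.test")],
        exclude=[ScopeRule("static.example.test"), ScopeRule.from_url("https://shop.example.test/logout")],
    )


if __name__ == "__main__":
    for url in build_default_scope().filter_history(PROXY_HISTORY):
        print("in scope:", url)
```

Excluding the logout URL is the usual reason to add an exclude rule before crawling: a spider that follows the logout link ends the authenticated session and the rest of the crawl silently runs unauthenticated. The segment-boundary check in `_path_matches` is why `/api` stays distinct from `/apidocs`; a naive string prefix would put both in scope.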

Action Items / Next Steps

  • Install Burp Suite Community Edition and configure your browser with FoxyProxy.
  • Set up and trust Burp's CA certificate in your browser.
  • Explore PortSwigger Academy labs or picoCTF challenges (aHEAD, Cookies) to practice using Burp Suite.