Web application security is crucial in today’s interconnected world. It has become increasingly important, as the number of cyber threats and vulnerabilities continues to rise. Burp Suite is a powerful tool to help you find and fix these security flaws. This tool is popular among developers, QA testers, and web security experts. This tutorial shows how to install Burp Suite on Linux.
What Is Burp Suite?
Burp Suite is an integrated platform for penetration testing and evaluating the security of web applications. Its comprehensive set of features helps security analysts and white-hat hackers find and exploit deficiencies in web applications.
Common vulnerabilities like Cross-Site Scripting (XSS), SQL Injection, and Insecure Direct Object References (IDOR) can be uncovered through Burp Suite by analyzing and manipulating HTTP requests and responses. It functions as a man-in-the-middle (MITM) proxy, allowing you to intercept, analyze, and alter traffic in both directions.
Burp Suite is known for its plethora of tools, which include Proxy, Scanner, Intruder, Repeater, Sequencer, and Extender.
Updating your system is always recommended before you install any software, as it ensures that your system is updated with the latest security patches. Run the commands below to do so.
For Linux distributions based on Ubuntu and Debian:
sudo apt update && sudo apt upgrade -y
Next, check your system’s Java version:
You are ready to download and install Burp Suite.
Downloading and Installing Burp Suite on Linux
- Go to the PortSwigger website and check the download section for the download link.
- The Burp Suite Community Edition is the free version and is adequate to start finding bugs and testing application security. Select “Burp Suite Community Edition” from the drop-down list for Linux 64-Bit to begin the download.
- After the download is finished, launch a terminal. cd to the Downloads folder, then run the chmod command to make the installer executable.
cd ~/Downloads
chmod +x burpsuite_community_linux_v2023_4_4.sh
- Run the script with administrative privileges:
sudo ./burpsuite_community_linux_v2023_4_4.sh
- You will find the Burp Suite installer on-screen, just after the script runs. Click “Next” to proceed with the installation.
- Open the app drawer and search for Burp Suite, then click to launch it.
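Because the installer is run with sudo, it is worth comparing the download against the SHA-256 checksum published for the release before the chmod step. The following is an added example, not part of the original tutorial; verify_installer is a hypothetical helper name and the digest in the usage comment is a placeholder to be replaced with the published value.

```shell
# verify_installer FILE EXPECTED_SHA256  (hypothetical helper, added example)
# Returns 0 only if FILE exists and its SHA-256 digest equals EXPECTED_SHA256.
# Returns 1 on a digest mismatch and 2 on bad input (missing file, bad digest).
verify_installer() {
    local file="$1" expected="$2" actual
    if [ ! -f "$file" ]; then
        echo "missing file: $file" >&2
        return 2
    fi
    # Checksum listings may use upper-case hex or carry stray whitespace.
    expected=$(printf '%s' "$expected" | tr 'A-F' 'a-f' | tr -d '[:space:]')
    # Reject anything that is not exactly 64 hex characters.
    case "$expected" in
        *[!0-9a-f]*|"") echo "expected value is not hex" >&2; return 2 ;;
    esac
    if [ "${#expected}" -ne 64 ]; then
        echo "expected value is not a SHA-256 digest" >&2
        return 2
    fi
    actual=$(sha256sum -- "$file" | cut -d' ' -f1)
    if [ "$actual" = "$expected" ]; then
        echo "OK: $file"
        return 0
    fi
    echo "MISMATCH: $file" >&2
    echo "  expected $expected" >&2
    echo "  actual   $actual" >&2
    return 1
}

# Usage (placeholder digest; copy the real value published for the release):
#   cd ~/Downloads
#   verify_installer burpsuite_community_linux_v2023_4_4.sh \
#       "<SHA256-from-download-page>" \
#     && chmod +x burpsuite_community_linux_v2023_4_4.sh
```

Only continue to the chmod and sudo steps when the function prints OK; on a mismatch, delete the file and download it again.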
Setting Up the Browser with Burp Suite
While Burp Suite is compatible with other web browsers, the browser needs additional configuration for Burp Suite to do its work.
Note: we are using Mozilla Firefox as the primary browser for this example.
To start, we need to install the FoxyProxy Standard extension, a tool that allows users to configure their browser to use a proxy server. With the browser pointed at Burp Suite's proxy, Burp Suite can intercept and modify the traffic between the browser and the server.
With the extension installed:
- Click the FoxyProxy icon in the plugins menu and select “Options” from the drop-down list to access the FoxyProxy options.
- Click the “Add New Proxy” button to create a new proxy configuration.
- Enter any name for the new proxy configuration in the “Proxy Details” tab.
- In the “Proxy IP Address” field, specify the IP address as 127.0.0.1 and the port number as 8080, the defaults.
- Click the “Save” button to save the updated proxy configuration.
- Click on the FoxyProxy icon in the toolbar to activate it.
The browser can now send and receive traffic via the Burp Suite application.
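FoxyProxy points at 127.0.0.1:8080, so the Burp Suite listener should be reachable only from the local machine. As an added example (not from the original tutorial), this check reads `ss -H -ltn` output and flags any listener on the port that is not bound to loopback; check_listener is a hypothetical helper and the sample lines are constructed.

```shell
# check_listener [PORT]  (hypothetical helper, added for illustration)
# Reads `ss -H -ltn` output on stdin. Returns 0 if every listener on PORT is
# bound to loopback, 1 if any is reachable from other hosts, 2 if none found.
check_listener() {
    awk -v port="${1:-8080}" '
        $1 == "LISTEN" {
            # Local address is field 4; split at the last colon because
            # IPv6 addresses contain colons themselves.
            start = match($4, /:[0-9]+$/)
            if (start == 0) next
            addr = substr($4, 1, start - 1)
            if (substr($4, start + 1) != port) next
            found = 1
            if (addr ~ /^127\./ || addr == "[::1]" || addr ~ /^\[::ffff:127\./) {
                print "loopback-only: " $4
            } else {
                print "EXPOSED: " $4
                exposed = 1
            }
        }
        END {
            if (!found) exit 2
            if (exposed) exit 1
        }
    '
}

# Constructed sample lines (not captured from a real host).
SAMPLE_SS_OUTPUT='LISTEN 0 50 [::ffff:127.0.0.1]:8080 *:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*'

# Live use: ss -H -ltn | check_listener 8080
printf '%s\n' "$SAMPLE_SS_OUTPUT" | check_listener 8080
```

An EXPOSED result means other hosts on the network can relay traffic through the proxy; rebind the listener to 127.0.0.1 in the proxy settings before continuing.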
Setting Up the Security Certificate
Follow the steps below to set up the security certificate.
- Launch a browser and open http://127.0.0.1:8080.
- Select “CA Certificate” on the top right and save the file.
- Head to the browser’s Settings and navigate to the “Privacy and Security” tab.
- Find the “Certificates Section,” click “View the Certificate,” and select “Import.”
- Select the certificate in the pop-up window and click the “OK” button.
Now we are ready to test Burp Suite.
To test the Burp Suite application, open it, then click the “Intercept” button under the proxy tab and turn it on. You will be able to see the incoming traffic.
Running Burp Suite
- Once you open the Burp Suite application, it will ask which project to start with: either a temporary project or an existing project.
- After the project type is selected, press “Next,” check the “Use Burp defaults” option, then click “Start Burp.”
- The Burp Suite Community Edition will start the project. The tools for testing applications are listed in a row at the top of the window.
- You need to configure the proxy settings first, then press the “Intercept On” button. Once you open the browser, the Burp Suite Proxy feature will come into play. You will be able to see the browser's traffic and the details of each request.
Now you are ready to test your new application with Burp Suite.
Uninstallation of Burp Suite
While installing and configuring Burp Suite is quite a hefty task, uninstallation is the opposite.
- Move to the app directory and find the script “uninstall.sh.”
- Make it executable:
chmod +x uninstall.sh
- Run the script:
- The Burp Suite uninstaller will appear. Follow the on-screen instructions to uninstall the Burp Suite application from your Linux system.
Frequently Asked Questions
Is the Burp Suite Community Edition appropriate for commercial use?
Yes. It is entirely free to use and doesn’t require any licensing costs. The Professional Edition of Burp Suite is also available, providing enhanced features and customization options.
What are the limitations of Burp Suite Community Edition?
While the Burp Suite Community Edition provides essential security testing tools, it has several drawbacks compared to the Professional Edition. These restrictions include limited scanner functionality, limited reporting choices, and fewer options for customization.
Image credit: Pexels. Alterations and screenshots by Surajit Saha.