Burp Suite Tutorials 1 Getting Started with Burp



Burp Suite is a tightly integrated combination of open tools that allow efficient security testing of modern web applications.

It provides a comprehensive set of tools that let you combine automated and manual workflows to test, assess and attack every aspect and area of a web application.

It's easy to get started with Burp Suite. With a little effort, the powerful tools that Burp Suite offers become intuitive and efficient to use.

Burp Suite is a piece of modern software written in Java. Java makes it cross-platform and extremely versatile for newcomers and professionals alike.

This article gives you enough information to get started with Burp Suite and to become acquainted with it.

Unlike point-and-click automatic scanners, the tool is meant to be used manually. It makes it easy to automate parts of a test, and it can do a lot in the hands of a specialist.

Since our aim in this article is to customize the way we use Burp Suite, we will learn some tricks that make it easy to get started.

Burp Suite is distributed as a single Java archive (.jar) file. The free version can be downloaded from the "Download Burp Suite Free Version" page.

There is no registration or form to fill in, but if you want the Pro Version, which I highly recommend, you have to buy it from the same website to be able to download it.

There are significant differences between the Community Edition and the Pro Version, but if you are a serious tester looking for the best value-for-money scanner/web application security tool, then it should be Burp Suite Pro.

The main differences between the free version and the Pro Version of the Burp Suite are:

  • Burp scanner
  • Ability to save and restore your work
  • Engagement tools, such as target analyzer, content discovery, and task scheduler

These are the topics we will cover in this Burp Suite Tutorial:

  • Starting Burp from the command line
  • Setting memory options based on our requirements and system RAM
  • Troubleshooting the IPv6 errors that occur occasionally

The software requires Oracle Java 1.6 or above to run.

Oracle Java 1.6+ is usually already installed on Windows and Mac OS X.

If it is not installed on your computer, go to https://www.java.com/en/, choose the version of the Java Runtime Environment (JRE) for your operating system, and follow the installation instructions.

The official documentation warns users against double-clicking the .jar file.

This is to make sure that we can explicitly specify the amount of RAM allocated for the Burp Suite process when starting it.

Some people have successfully operated Burp with other flavors of Java, but for now, we will focus on running it well with Oracle Java 1.6 or above.


Starting Burp from the command line 


Burp Suite has no elaborate setup process. Starting it is as simple as executing a command in the shell of your choice.

To start Burp Suite, Java must already be installed and configured on your computer. If your computer does not already have Java 1.6+, you can get it for free from https://www.oracle.com/technetwork/java/javase/downloads/index.html. We need the JRE, so click the Download button under JRE.

If your computer already has Java 1.6 or above installed, execute the following in your shell:

java -jar /path/to/burpSuite.jar

Those who have done some Java programming will understand what is going on here: we are passing a JAR file to the Java runtime. Please note that no command-line options need to be passed to Burp Suite itself.


Specifying memory size for Burp Suite 


If we start Burp Suite by double-clicking the .jar file, the Java runtime will automatically allocate the maximum memory available to Burp Suite. The total amount allocated may vary depending on the available system RAM.

Because Burp Suite will capture hundreds and sometimes thousands of requests and responses of different sizes, it makes sense to allocate memory when we start the program.

If enough memory is not available, Burp Suite may crash. During a security assessment, an interruption in our work or a crash of Burp Suite may cost us valuable data about the assessment.

Therefore, it is prudent to specify at startup how much system RAM is allocated to Burp Suite.


Specifying the maximum memory Burp Suite is allowed to use


We can use a command-line flag provided by Java to make sure that Burp Suite has plenty of memory to work with while we run our security assessment:

java -jar -Xmx2048M /path/to/burpsuite.jar

java -jar -Xmx2g /path/to/burpsuite.jar

Both commands allow Burp Suite to use up to 2 GB of RAM. The flag is case-sensitive, so it must be written with a capital X.

The size can be given in gigabytes, megabytes, or kilobytes. You can read more about this on the Oracle page at https://docs.oracle.com/cd/E13150_01/jrockit_jvm/jrockit/jrdocs/refman/optionX.html#wp999528

This should be sufficient for most of the web applications that need to be tested. If you have more system RAM to spare, you can increase it even further.

There is one small caveat that you should know about. If you increase the memory allocated to Burp Suite beyond 4 GB, the Java Virtual Machine (JVM) garbage collector (GC) will need to do more work. This is known to adversely affect the performance of Java-based applications.

Keeping this in mind, there are clear performance gains to be had by increasing the minimum heap size above its default, which can be as low as 128 MB on older machines.

Ensuring that IPv4 is Allowed

Occasionally, Java picks up the IPv6 address on the interface, and Burp Suite is unable to make any connection to websites that return an IPv4 address. The result is a Java error, which is as follows:

java.net.SocketException: Permission denied

The browser also shows a cryptic error, which is as follows:

Burp Suite proxy error: Permission denied: connect

If we ever face this error, we only have to tell Java that we want to use the IPv4 interface by passing the following parameter to the runtime:

java -Xmx2048M -Djava.net.preferIPv4Stack=true -jar /path/to/burpsuite.jar

This command and flag tell the Java runtime that we prefer the IPv4 network stack when running the Burp Suite JAR file. Another option is to set the Java options environment variable.

Please note that running the preceding command disables the IPv6 interface.

Many people have reported it as a bug on the Burp Suite Support Forum. Most of those who complained were using the Microsoft Windows 7 64-bit operating system, which was running a 32-bit version of JVM.
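
The memory and IPv4 options above can be combined in a small launcher script. This is an added example, not part of the original tutorial or of Burp Suite itself; the half-of-RAM sizing rule, the function names and the script's arguments are assumptions, and the 4096 MB cap follows the garbage-collection caveat above.

```shell
#!/bin/sh
# Added example launcher (not from Burp Suite or the original tutorial).
# Usage: ./burp-launch.sh /path/to/burpsuite.jar [ipv4]

# Total system RAM in MB (Linux /proc/meminfo, macOS sysctl).
system_ram_mb() {
    if [ -r /proc/meminfo ]; then
        awk '/^MemTotal:/ { print int($2 / 1024) }' /proc/meminfo
    elif command -v sysctl >/dev/null 2>&1; then
        echo $(( $(sysctl -n hw.memsize) / 1024 / 1024 ))
    else
        echo 4096   # assumption: unknown platform, yields the tutorial's 2 GB heap
    fi
}

# Assumed sizing rule: half of RAM, capped at 4096 MB because of the GC caveat.
pick_heap_mb() {
    heap=$(( $1 / 2 ))
    if [ "$heap" -gt 4096 ]; then heap=4096; fi
    echo "$heap"
}

# JVM flags for a given RAM size; second argument "ipv4" adds the IPv4 workaround.
burp_jvm_flags() {
    flags="-Xmx$(pick_heap_mb "$1")M"
    if [ "$2" = "ipv4" ]; then
        flags="$flags -Djava.net.preferIPv4Stack=true"
    fi
    echo "$flags"
}

# Launch only when a JAR path is given, so the functions can be sourced alone.
if [ "$#" -ge 1 ]; then
    command -v java >/dev/null 2>&1 || { echo "java not found in PATH" >&2; exit 1; }
    [ -f "$1" ] || { echo "no such file: $1" >&2; exit 1; }
    flags=$(burp_jvm_flags "$(system_ram_mb)" "$2")
    echo "Starting: java $flags -jar $1"
    # $flags is intentionally unquoted so each flag becomes its own argument.
    exec java $flags -jar "$1"
fi
```

Pass ipv4 as the second argument only on machines that show the "Permission denied" error, since it disables the IPv6 stack for that JVM.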

Working with other JVMs

Burp's official documentation does not say anything about not working with JVMs other than the official Oracle Java. There was a time when running Burp Suite with OpenJDK would start it with a warning. But now it runs on Black with OpenJDK without any warning at all.

Black is a Linux-based distribution that is specially designed for testing of applications and networks. Previously, it was known as Kali Linux. In the following screenshot, we can see that it runs the OpenJDK JRE and is able to run Burp Suite without any problems.


Summary

We have successfully managed to launch Burp Suite. Generally, we just double-click an application shortcut and it works. However, if we want to use the full power of the application, we need to understand some underlying concepts of memory and networking.

In this Burp Suite Tutorial, you have learned how to allocate and reserve a specified amount of RAM for Burp Suite to use while it runs. This will ensure that memory issues do not hinder our progress during a security assessment. We also saw an error that can crop up, which is quite difficult to understand unless you have seen it before.

Now that we have successfully started Burp Suite, the next Burp Suite Tutorial will show how to configure your web browser to send web traffic for interception and analysis.


Hi, I'm Rahim Ansari, from India. I love blogging, designing websites, web developing and designing. I like to learn and share technical hacking/security tips with you. I love my friends.
