Burp suite

From ArchWiki

From the official website:

Burp Suite is an integrated platform for performing security testing of web applications. Its various tools work seamlessly together to support the entire testing process, from initial mapping and analysis of an application's attack surface, to finding and exploiting security vulnerabilities.

Installation

Install the burpsuite package from the AUR.

This will install Burp Suite Community (free edition).

Configuration

Burp Proxy will work out of the box with HTTP connections. For HTTPS, PortSwigger's certificate must be installed first.

Install HTTPS certificate in Firefox

Start up Burp:

$ burpsuite

Open Proxy -> Options. In the Proxy Listeners section add a new interface. Set Interface to 127.0.0.1:8080 and make sure the Running checkbox is enabled.

Navigate to http://127.0.0.1:8080/ in Firefox, click the CA Certificate link at top right and save the certificate file somewhere.

In Firefox open the Options tab and go to Privacy & Security -> Certificates -> View Certificates... -> Authorities. Click Import and select the file. Check the Trust this CA to identify websites checkbox and click OK.
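Before ticking the trust checkbox, the saved file can be inspected from a shell. The following is an added example, not part of the original wiki page: it assumes openssl is installed and that the saved file is DER-encoded; the helper name inspect_ca_cert and the path in the usage comment are hypothetical.

```shell
# Added example: inspect a saved CA certificate before importing it into Firefox.
# Prints subject, issuer, validity and SHA-256 fingerprint, and returns 0 only
# if the file is a self-signed X.509 certificate flagged as a CA.
# Assumptions: openssl is installed; the file is DER-encoded.

inspect_ca_cert() {
    cert=$1
    if [ ! -r "$cert" ]; then
        echo "cannot read: $cert" >&2
        return 2
    fi
    # Refuse anything that does not parse as a DER X.509 certificate.
    if ! openssl x509 -inform der -in "$cert" -noout 2>/dev/null; then
        echo "not a DER X.509 certificate: $cert" >&2
        return 2
    fi
    subject=$(openssl x509 -inform der -in "$cert" -noout -subject)
    issuer=$(openssl x509 -inform der -in "$cert" -noout -issuer)
    # Show exactly what is about to be trusted.
    echo "$subject"
    echo "$issuer"
    openssl x509 -inform der -in "$cert" -noout -dates
    openssl x509 -inform der -in "$cert" -noout -fingerprint -sha256
    # A root CA is self-signed: subject and issuer names are identical.
    if [ "${subject#subject=}" != "${issuer#issuer=}" ]; then
        echo "subject and issuer differ: not a self-signed root" >&2
        return 1
    fi
    # It must also be marked as a CA in basicConstraints.
    if ! openssl x509 -inform der -in "$cert" -noout -text | grep -q 'CA:TRUE'; then
        echo "basicConstraints does not say CA:TRUE" >&2
        return 1
    fi
    return 0
}

# Usage (the path is an assumption; use wherever the file was saved):
#   inspect_ca_cert ~/Downloads/cacert.der
```

The SHA-256 fingerprint printed here can be compared with the one Firefox shows for the entry under View Certificates... -> Authorities after the import.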

Fix "An unknown error has occurred"

The installed Java version might be the cause of an in-browser Burp error stating simply "An unknown error has occurred."

The default Java version installed with the AUR package is 13, but Burp officially only supports 11. On startup Burp will complain about it.

Install the jre11-openjdk package and set it as the system default:

 # archlinux-java set java-11-openjdk
