Learn how to configure Burp Suite on kali linux step by step. Burp suite is a software application for checking the security of a web application, which includes tools that provide you with a modern and functional software. This software is offered by Portswigger company and has been published in two versions, professional and free. In this article, we are going to teach you how to configure Burp Suite on kali linux. You can visit the packages available in Eldernode if you need to buy Linux VPS server.
Table of Contents
What is Burp Suite?
Burp Suite gives the user complete control and allows them to combine different and advanced techniques to work faster, more efficiently and more enjoyable. This software is very simple, convenient and configurable and has many powerful features to help those who test the software. Its professional version includes multiple tools and an automatic scanner. At the same time, the free version is complete and includes all the basic tools.
Tutorial configure Burp Suite on kali linux
Before we configure Burp Suite, we will first introduce you to the tabs of this software, which include the following:
– Target: With this tool, you are able to collect all the resources of the web application for identification.
– Proxy: Using this tool, all web application traffic can be analyzed and edited.
– Spider: This tool allows you to browse the Internet according to certain algorithms and patterns.
– Scanner: A comprehensive security scanner under the web application that is only available in the professional version.
-Intruder: With this tool, all web application requests are automated. By repeating a request many times (fuzzing) which actually means sending surprise requests to the program, this process can find security vulnerabilities.
– Repeater: A powerful tool used to re-edit and send web requests.
– Sequencer: A tool used to check tokens and cookies.
– Decoder: Allows you to encrypt or decrypt data.
– Comparer: This tool is used to find changes on the web page.
How to install Burp Suite on kali linux
The first method is that you can access the Burp Suite by going to the following path:
Applications >> Kali Linux >> Top 10 Security Tools >> burpsuite.
The second method is that by going to the Java interpreter from the bash terminal you can run Burp Suite:
root@kali:~# java -jar /usr/bin/burpsuite.jar
After downloading Burp Suite, make sure the proxy listener is enabled. The following example uses the TCP 8080 port.
In this section you will see a list of all proxy listeners. You can add it in the absence of a proxy listener. To use the IceWeasel web browser on Kali Linux, configure the listener to listen to a dedicated port at 127.0.0.1. Also make sure the Running box is active.
Now you need to change the browser configuration to route traffic through the proxy. To do this, open the IceWeasel by clicking on the weasel globe icon at the top of the page. Then follow the path below to open the following page:
Edit >> Preferences
In the preferences menu, click on the Advanced options and then select the Network tab.
Then, click on the Settings. This will take you to the connection settings configuration page:
Change the proxy radio button to manual configuration. In this example, the HTTP proxy address is set to 127.0.0.1 and the port value is set to TCP 8080. Search a website through the IceWeasel browser to make sure the configuration is correct.
You will notice that the browser tries to connect, but nothing is provided in the browser, because the request sent from the browser is intercepted by a proxy. To use the browser, you can change the proxy settings to the Use system proxy settings option and use the manual proxy settings only when using Burp.
Introducing Burp Suite plugins
This plugin is for searching the admin pages of a website. Using this plugin, you can easily find the website admin panel in burpsuite. Among the features of this plugin, you can test more than 1000 pages and its high speed.
This plugin is for searching backup files inside the server, which is used as a plugin in burpsuite. It also has the ability to read directories and search for backups using default names.
3- BurpelFish Translator plugin
This plugin is excellent and useful and translates foreign texts using Google when testing penetration. Due to the use of Google service, you can translate all common languages.
This plugin is for breaking AES encryption when traffic passes through the network and is very useful for testing the penetration of encrypted data. It also has the ability to connect to a proxy and scan.
To search for WordPress plugins using burpsuite which has the ability to search more than 35,000 WordPress plugins.
Conclusion
Burp Suite is a very popular tool among hackers that is used to test network intrusion, especially web applications. This tool is available by default on a variety of security operating systems such as Kali Linux. In this article, we tried to teach you How to configure Burp Suite on kali linux after introducing Burp Suite.