About this blog

I'm a developer with over 10 years' experience who wants to transition to infosec. This blog is an informal record of my experiments with OWASP's Mutillidae II, a web application exhibiting a multitude of deliberate vulnerabilities. I will also take Offensive Security's PWK training course and get the OSCP certificate.

Monday, 29 August 2016

Configure BurpSuite on Kali

In my code developer positions I would normally use The Fiddler for interception/inspection/modification/replay, but I noticed some pentest jobs mentioning BurpSuite, so I thought I'd check it out.

The pre-installed version was quite a bit behind the latest.
  1. apt-cache search burp (OK, it's just called 'burpsuite')
  2. apt-get install burpsuite (upgrade if not recent)
  3. burpsuite &
  4. Proxy => Intercept => turn off for now
  5. (Firefox) Preferences => Advanced => Network => Settings
  6. HTTP: 127.0.0.1 8080
  7. HTTPS: 127.0.0.1 8080
  8. Go to http://burp
  9. Click 'CA Certificate' to download
  10. (Firefox) Preferences => Advanced => Certificates => View Certificates => Import
  11. Select the certificate downloaded in (8)
  12. Check "Trust this certificate to authenticate servers"
  13. Browse an HTTP and HTTPS website
  14. Check Burp logs to confirm proxying
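
A command-line check for steps 13 and 14, added here as an example and not part of the original post: it fetches Burp's CA certificate from the listener, prints its fingerprint for comparison with the certificate imported into Firefox, and confirms that an HTTPS site reached through the proxy is signed by that CA. It assumes the listener from steps 6 and 7 (127.0.0.1:8080), curl, and OpenSSL 1.1.0 or later (for `s_client -proxy`); the function names and the script name are hypothetical.

```shell
#!/bin/sh
# Added example: verify that Burp is intercepting TLS on the configured listener.
PROXY="${PROXY:-127.0.0.1:8080}"   # assumption: listener from steps 6-7

# Download Burp's CA certificate (DER) via the listener and write it as PEM to $1.
fetch_burp_ca() {
  der=$(mktemp) || return 1
  curl -fsS --proxy "http://$PROXY" -o "$der" http://burp/cert &&
    openssl x509 -inform DER -in "$der" -out "$1"
  rc=$?
  rm -f "$der"
  return $rc
}

# Print the issuer of the certificate host $1 presents when reached through the proxy.
issuer_via_proxy() {
  openssl s_client -proxy "$PROXY" -connect "$1:443" -servername "$1" \
    </dev/null 2>/dev/null | openssl x509 -noout -issuer 2>/dev/null
}

# Map an issuer string to a verdict. Burp signs the certificates it generates
# with its own CA, whose common name is "PortSwigger CA".
classify_issuer() {
  case "$1" in
    "")                 echo "no-certificate" ;;
    *"PortSwigger CA"*) echo "intercepted" ;;
    *)                  echo "not-intercepted" ;;
  esac
}

# Runs only when a hostname is given, e.g.: sh burp_check.sh example.com
if [ $# -gt 0 ]; then
  ca=$(mktemp)
  fetch_burp_ca "$ca" || { echo "Burp listener not reachable on $PROXY" >&2; exit 1; }
  echo "Burp CA (compare with the certificate imported into Firefox):"
  openssl x509 -noout -subject -fingerprint -sha256 -in "$ca"
  issuer=$(issuer_via_proxy "$1")
  echo "Issuer seen for $1: ${issuer:-<none>}"
  verdict=$(classify_issuer "$issuer")
  echo "Verdict: $verdict"
  rm -f "$ca"
  [ "$verdict" = "intercepted" ]
fi
```

A verdict of `not-intercepted` means the site's real certificate came back through the listener, so Burp is passing that TLS connection through rather than decrypting it.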
