What is Burp Suite?
What is Burp Suite, you ask? Burp Suite is a Java-based web penetration testing framework.
Burp Suite is an integrated platform for performing security testing of web applications. Its various tools work seamlessly together to support the entire testing process, from initial mapping and analysis of an application’s attack surface, through to finding and exploiting security vulnerabilities.
Burp gives you full control, letting you combine advanced manual techniques with state-of-the-art automation, to make your work faster, more effective, and more fun.
Why a CA certificate?
By default, when you browse an HTTPS website via Burp, the Proxy generates an SSL certificate for each host, signed by its own Certificate Authority (CA) certificate. This CA certificate is generated the first time Burp is run, and stored locally. To use Burp Proxy most effectively with HTTPS websites, you will need to install Burp’s CA certificate as a trusted root in your browser.
Here is a step-by-step guide to configuring Burp Suite on your system.
Step 1 : Install the Java Runtime Environment (x86 version for 32-bit Windows, x64 for 64-bit Windows).
Step 2 : Download and install Burp Suite from https://portswigger.net/burp/freedownload
Step 3 : Open Burp Suite and go to Proxy => Options.
Step 4 : Check that the Proxy Listener uses the default proxy address 127.0.0.1 and port 8080.
Step 5 : Now start Mozilla Firefox and open Add-ons => Extensions. Search for Proxy Switcher and install it.
Step 6 : Go to Preferences => Advanced => Network => Settings and select 'Manual proxy configuration:'.
Step 7 : Now set 'Manual proxy configuration:' to HTTP Proxy: 127.0.0.1 and Port: 8080, and tick 'Use this proxy server for all protocols'.
Step 8 : In the same window, clear the 'No Proxy for:' field (delete localhost, 127.0.0.1).
Step 9 : Now go to the Firefox address bar and type http://burp (case sensitive: 'http'), then download the certificate from 'CA certificate'.
Step 10 : Go to Preferences => Advanced => Certificates.
Step 11 : Under Certificates => Requests, choose 'Select one automatically', and un-check 'Query OCSP responder servers to confirm the current validity of certificates'.
Step 12 : Now go to Certificates => View Certificates => Authorities => Import, and select the certificate from the Downloads folder.
Step 13 : Tick all three options in the certificate installation window.
Congratulations! You have successfully configured Burp Suite!
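Once imported, the browser trusts every certificate signed by that file, so it is worth confirming that the file from Step 9 really is the CA of the Burp instance listening on 127.0.0.1:8080. The Python script below is an added example, not part of the original guide: it fetches the CA certificate through the listener from Step 4 and prints its SHA-256 fingerprint, which you can compare with the fingerprint Firefox shows for the imported entry under View Certificates => Authorities. The URL http://burp/cert is assumed to be the target of the 'CA certificate' link from Step 9.

```python
import hashlib
import http.client
import ssl
import sys

PROXY_HOST, PROXY_PORT = "127.0.0.1", 8080  # listener from Step 4
CERT_URL = "http://burp/cert"  # assumption: target of the 'CA certificate' link (Step 9)
PEM_HEADER = b"-----BEGIN CERTIFICATE-----"


def to_der(data: bytes) -> bytes:
    """Return DER bytes whether the input is DER or PEM encoded."""
    if data.lstrip().startswith(PEM_HEADER):
        return ssl.PEM_cert_to_DER_cert(data.decode("ascii").strip())
    return data


def sha256_fingerprint(cert: bytes) -> str:
    """Colon-separated upper-case SHA-256 of the certificate's DER encoding."""
    digest = hashlib.sha256(to_der(cert)).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def same_certificate(a: bytes, b: bytes) -> bool:
    """True when both inputs hold the same certificate, whatever the encoding."""
    return sha256_fingerprint(a) == sha256_fingerprint(b)


def fetch_burp_ca(host=PROXY_HOST, port=PROXY_PORT, url=CERT_URL) -> bytes:
    """Fetch the CA certificate through the listener (Burp must be running)."""
    conn = http.client.HTTPConnection(host, port, timeout=5)
    try:
        conn.request("GET", url)  # absolute URL in the request line = proxy request
        resp = conn.getresponse()
        if resp.status != 200:
            raise RuntimeError(f"unexpected status {resp.status} from {host}:{port}")
        return resp.read()
    finally:
        conn.close()


if __name__ == "__main__":
    live = fetch_burp_ca()
    print("Burp CA SHA-256:", sha256_fingerprint(live))
    if len(sys.argv) > 1:  # optional: path of the file downloaded in Step 9
        with open(sys.argv[1], "rb") as fh:
            ok = same_certificate(live, fh.read())
        print("downloaded file matches running Burp:", ok)
        sys.exit(0 if ok else 1)
```

Run it with the path of the file saved in Step 9 as the only argument; an exit status of 1 means that file is not the certificate the running Burp instance serves.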