Burp Suite
Industry-standard web security testing platform
#proxy #manual-testing #web #essential
Installation
1. Download from PortSwigger website
2. Install Java if needed
3. Run installer
# Download from
https://portswigger.net/burp/releases
# Kali Linux
apt install burpsuite
# Run
burpsuite
# Configure browser proxy: 127.0.0.1:8080

Basic Usage
Intercept, modify, and analyze HTTP traffic
# Key steps:
1. Set browser proxy to 127.0.0.1:8080
2. Import Burp CA certificate
3. Enable intercept in Proxy tab
4. Browse target application
5. Send interesting requests to Repeater/Intruder
# Useful shortcuts:
Ctrl+R - Send to Repeater
Ctrl+I - Send to Intruder
Ctrl+Shift+R - Repeat request

Command Reference
7 commands
1. Proxy - Intercept HTTP traffic
2. Repeater - Manually modify requests
3. Intruder - Automated attacks
4. Scanner - Vulnerability scanning (Pro)
5. Decoder - Encode/decode data
6. Comparer - Compare responses
7. Logger - View all traffic

When to Use
1. Manual web application testing
2. Request manipulation
3. Authentication testing
4. Parameter fuzzing
5. Business logic testing

Notes & Tips
1. Free Community edition has limited features
2. Pro version includes scanner and advanced tools
3. Install CA cert to intercept HTTPS
4. Use scope to filter traffic

Common Errors & Solutions
HTTPS not working
Install Burp CA certificate in browser
Intercept not catching requests
Check proxy settings and scope configuration
Java errors
Update Java to latest version