BSCE - DrAlzahraniProjects/csusb_fall2024_cse6550_team2 GitHub Wiki

  1. Installation
  2. Configuration
  3. Implementation
  4. Usage
  5. Troubleshooting

1. Installation

To install Burp Suite Community Edition, follow these steps:

Download

Visit the Burp Suite Downloads page. Choose the appropriate version for your operating system (Windows, macOS, or Linux).

Installation Steps

For Windows:

  1. Download the installer.
  2. Run the installer and follow the on-screen prompts.
  3. Launch Burp Suite from the Start menu.

2. Configuration

After installation, configure Burp Suite so that your browser's traffic passes through its proxy. The steps depend on the browser; this page uses Firefox. For other browsers, refer to the Burp Suite documentation on configuring your browser to work with Burp.

  • Launch Burp Suite.

burp1

  • Select "Use Burp Defaults" and click "Start Burp" to open the main dashboard and its tool tabs.

burp2

  • Go to the "Proxy" tab.

burp3

  • Under "Proxy settings", ensure the proxy listener is running on the default interface, 127.0.0.1 port 8080.

burp4

  • Configure your browser to use Burp as a proxy. In Firefox, open Settings > Network Settings, choose "Manual proxy configuration", set the HTTP proxy to 127.0.0.1 and the port to 8080, and tick "Also use this proxy for HTTPS" so that TLS traffic goes through Burp as well.

burp6

SSL Certificate Installation

To intercept HTTPS traffic, the browser must trust Burp's CA certificate; otherwise every HTTPS site shows a certificate warning. With the proxy configured, browse to http://burpsuite and click "CA Certificate" to download the certificate (cacert.der).

Screenshot 2024-10-14 at 00-45-21 Burp Suite Community Edition

  • Save the downloaded Burp CA certificate somewhere you can find it again; it is imported into Firefox in the next steps.

burp7

  • In Firefox Settings, search for "certificates" and click "View Certificates".

burp8

  • Open the Authorities tab, click Import, select the downloaded cacert.der, and tick "Trust this CA to identify websites".

burp9
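The same proxy and trust settings apply to scripted clients, not just the browser. The following is an added example (not code from the wiki page or the team project) showing how a Python client built on the standard library is routed through Burp's listener and made to trust Burp's CA. It assumes the listener is at 127.0.0.1:8080 as configured above and that the certificate downloaded from http://burpsuite is saved as cacert.der in the working directory; both are assumptions, not values taken from the page.

```python
"""Send scripted HTTP(S) requests through Burp and trust its CA certificate.

Added example, not part of the original wiki page.  Assumptions:
  - Burp's proxy listener is on 127.0.0.1:8080 (the default from the steps above)
  - Burp's CA certificate was downloaded from http://burpsuite as cacert.der
"""
import ssl
import sys
import urllib.request
from pathlib import Path
from typing import Dict, Optional

BURP_PROXY = "127.0.0.1:8080"      # assumed: default Burp listener
CA_DER_PATH = Path("cacert.der")   # assumed: download location of Burp's CA


def der_to_pem(der_bytes: bytes) -> str:
    """Burp serves its CA in DER form; ssl.SSLContext wants PEM text (cadata)."""
    return ssl.DER_cert_to_PEM_cert(der_bytes)


def proxy_settings(proxy: str = BURP_PROXY) -> Dict[str, str]:
    """The mapping Firefox gets in the network settings step: both schemes via Burp.

    HTTPS is proxied over a plain-HTTP CONNECT to the listener, hence http:// for both.
    """
    return {"http": f"http://{proxy}", "https": f"http://{proxy}"}


def build_opener(ca_pem: Optional[str], proxy: str = BURP_PROXY) -> urllib.request.OpenerDirector:
    """Opener that sends everything through Burp and accepts certificates Burp forges.

    Passing ca_pem=None keeps only the system roots, which is the state that produces
    the certificate errors described in the Troubleshooting section.
    """
    ctx = ssl.create_default_context()
    if ca_pem is not None:
        ctx.load_verify_locations(cadata=ca_pem)   # adds Burp's CA to the trust store
    return urllib.request.build_opener(
        urllib.request.ProxyHandler(proxy_settings(proxy)),
        urllib.request.HTTPSHandler(context=ctx),
    )


def fetch(url: str, opener: urllib.request.OpenerDirector) -> int:
    """Issue a GET through Burp and return the status code; the request shows up in HTTP history."""
    with opener.open(url, timeout=10) as resp:
        return resp.status


if __name__ == "__main__":
    ca_pem = der_to_pem(CA_DER_PATH.read_bytes()) if CA_DER_PATH.exists() else None
    target = sys.argv[1] if len(sys.argv) > 1 else "https://example.com/"
    print(target, fetch(target, build_opener(ca_pem)))
```

Run it with Burp started and "Intercept is off" (or click Forward in the Intercept tab); the request and its response appear in Proxy > HTTP history exactly as a browser request would. If the certificate file is missing, the HTTPS request fails with a verification error, which is the quickest way to confirm that Burp is actually in the path.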

3. Implementation

Burp Suite provides various features for web application testing. Here are some essential functionalities:

Intercepting Requests

  • Intercepting requests in Burp Suite lets you examine, modify and replay HTTP(S) traffic between your computer and the target web application; it is the fundamental feature for web application security testing. Ensure the proxy listener is running, the browser is routed through it, and "Intercept is on" is selected in the Intercept sub-tab.

burp5

  • Use the browser to navigate to a web application.

burp10

  • Burp holds each request in the Intercept sub-tab, where you can analyze and edit it before it reaches the server. Click "Forward" to send it on (or "Drop" to discard it).

burp11

  • Open the "HTTP history" sub-tab to see every request and response that has passed through the proxy, including the ones you forwarded.

burp12

4. Usage

Using Repeater to test WebSocket handshakes

  • In HTTP history, select the WebSocket handshake request you want to test, right-click it and choose "Send to Repeater", then open the Repeater tab to view the request.

burp13

  • The request asks the server to upgrade the connection to a WebSocket. The test is how the server responds to unexpected changes to the Host, Connection, Sec-WebSocket-Key, Sec-WebSocket-Version and Origin headers.

burp14

  • In Repeater, modify the headers one at a time and click "Send" after each change; the server's response is displayed in the right-hand pane.

    Origin header: the browser sets this to the page that opened the socket, so changing it to a foreign site shows whether the server restricts handshakes by origin. A server that still answers 101 Switching Protocols to a foreign Origin while authenticating the socket with session cookies is exposed to cross-site WebSocket hijacking (CSWSH); a server that rejects the handshake (for example with 403) is enforcing an origin check.

burp16

  • Response to the unmodified request, kept for comparison with the modified ones.

burp15
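The Repeater steps above are done by hand; the following added example (not code from the wiki page or the team project) reproduces them offline so the expected outcomes can be seen side by side. It builds the same Upgrade request, sends it once with the legitimate Origin and once with a foreign one, and reports whether the server still switches protocols. The two server functions are constructed stand-ins: one accepts any Origin, the other checks an allowlist. The host app.example, the path /chat and the attacker origin are hypothetical.

```python
"""Origin check on the WebSocket handshake (cross-site WebSocket hijacking, CSWSH).

Added example, not part of the original wiki page.  Both "servers" below are
constructed stand-ins for a target application; no real host is contacted.
"""
import base64
import hashlib
import os
from typing import Callable, Dict, Tuple

WS_GUID = "258EAFA5-E914-47DA-95CA-C5AB0DC85B11"   # fixed by RFC 6455


def accept_key(sec_websocket_key: str) -> str:
    """Sec-WebSocket-Accept = base64(sha1(key + GUID)); a correct server must echo this."""
    digest = hashlib.sha1((sec_websocket_key + WS_GUID).encode("ascii")).digest()
    return base64.b64encode(digest).decode("ascii")


def build_handshake(host: str, path: str, origin: str, key: str) -> bytes:
    """The request seen in Repeater; only the header values change between sends."""
    lines = [
        f"GET {path} HTTP/1.1",
        f"Host: {host}",
        "Connection: Upgrade",
        "Upgrade: websocket",
        f"Sec-WebSocket-Key: {key}",
        "Sec-WebSocket-Version: 13",
        f"Origin: {origin}",
    ]
    return ("\r\n".join(lines) + "\r\n\r\n").encode("ascii")


def parse_request(raw: bytes) -> Tuple[str, Dict[str, str]]:
    """Split a raw HTTP/1.1 request into its request line and lower-cased header map."""
    head, _, _ = raw.decode("ascii").partition("\r\n\r\n")
    request_line, *header_lines = head.split("\r\n")
    headers: Dict[str, str] = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return request_line, headers


def parse_status(raw: bytes) -> int:
    """Status code from a raw HTTP response, e.g. 101 or 403."""
    return int(raw.split(b" ", 2)[1])


def vulnerable_server(raw: bytes) -> bytes:
    """Constructed stand-in: upgrades for any Origin, so an attacker's page can open the
    socket with the victim's cookies.  It still validates the mandatory upgrade headers."""
    _, h = parse_request(raw)
    if h.get("upgrade", "").lower() != "websocket" or h.get("sec-websocket-version") != "13":
        return b"HTTP/1.1 400 Bad Request\r\n\r\n"
    return (
        "HTTP/1.1 101 Switching Protocols\r\n"
        "Upgrade: websocket\r\nConnection: Upgrade\r\n"
        f"Sec-WebSocket-Accept: {accept_key(h['sec-websocket-key'])}\r\n\r\n"
    ).encode("ascii")


def hardened_server(raw: bytes, allowed_origins=("https://app.example",)) -> bytes:
    """Constructed stand-in: same handshake, but Origin must be on an allowlist first."""
    _, h = parse_request(raw)
    if h.get("origin") not in allowed_origins:
        return b"HTTP/1.1 403 Forbidden\r\n\r\n"
    return vulnerable_server(raw)


def cswsh_check(server: Callable[[bytes], bytes], host: str = "app.example",
                path: str = "/chat") -> Dict[str, object]:
    """Baseline handshake with the site's own Origin, then one with a foreign Origin.

    'vulnerable' is True only when both succeed: the server upgrades the connection
    without restricting which origin may open it.
    """
    key = base64.b64encode(os.urandom(16)).decode("ascii")   # fresh nonce, as a browser does
    baseline = parse_status(server(build_handshake(host, path, f"https://{host}", key)))
    cross_site = parse_status(server(build_handshake(host, path, "https://attacker.example", key)))
    return {"baseline": baseline, "cross_site": cross_site,
            "vulnerable": baseline == 101 and cross_site == 101}


if __name__ == "__main__":
    print("no origin check:", cswsh_check(vulnerable_server))
    print("origin allowlist:", cswsh_check(hardened_server))
```

Against a real target, the interpretation is the same as in Repeater: compare the status of the foreign-Origin send with the baseline. Note that a 101 on its own does not prove exploitability; the handshake must also be authenticated by something the attacker's page sends automatically, typically a session cookie, for CSWSH to matter.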

Spidering a website

burp17

  • Navigate to the Target tab. The Site map lists every host and path Burp has seen through the proxy.
  • The "Spider this host" menu item belongs to Burp Suite 1.x. In the 2.x Community Edition there is no spider: the site map is populated passively as you browse the application through the proxy, and automated crawling (Dashboard > New scan) is a Burp Suite Professional feature.
  • To discover additional endpoints in Community Edition, browse every page and function of the application and review the new entries that appear in the site map; then send interesting requests to Repeater as shown above.

5. Troubleshooting

  1. Unable to Launch Burp Suite

    • If you launched the standalone JAR, verify that a supported Java runtime is installed; the platform installers bundle their own runtime.
  2. Proxy Issues:

    • Ensure your browser is configured to route traffic through 127.0.0.1:8080 (both HTTP and HTTPS) and that the listener shows as running under Proxy > Proxy settings. If "Intercept is on" and no request is forwarded, the browser will simply hang, which looks like a connectivity problem.
  3. SSL/TLS Certificate Error

    • If you encounter SSL/TLS certificate errors, ensure Burp's CA certificate is installed in your browser as a trusted authority. Go to Proxy > Proxy settings > Import / export CA certificate to export it, or download it from http://burpsuite, and follow the instructions for your browser. Sites you visited before installing the certificate may need their cached HSTS entry or site data cleared.
  4. High CPU Usage

    • High CPU usage is usually caused by Burp processing and storing traffic for hosts you are not testing. Define a target scope under Target > Scope, then go to Settings > Project > Connections > Out-of-scope requests and select "Drop all out-of-scope requests". In Intruder, lower "Maximum concurrent requests" in the resource pool settings.