Tips & Tricks

Setting Up BurpSuite

Once Burp loads up, there are a few things we need to configure to make our lives easier. This guide intends to serve as a list of steps that I like to do after a fresh install of Burp Suite.

  • Installing Java to Launch Burp via CLI
  • Installing and Configuring FoxyProxy
  • Installing Burp’s Certificate in Firefox
  • Disabling Firefox’s Captive Portal
  • Installing Common Extensions
  • Installing Jython for Python Extensions

Installing Java to Launch Burp via CLI

It is preferable to launch the Burp JAR file from the command line, as this gives you more control over its execution, in particular the amount of memory that your computer assigns to Burp.

In order to do this, you must first have Java installed. At time of writing, I found that Burp works best with Java 14.0.2, which you can download from https://www.oracle.com/java/technologies/javase/jdk14-archive-downloads.html.

Once installed, you can check if Java is present in your PATH by running java -version. If you get an error like the one in the screenshot, continue on.

Adjust your PATH environment variable to include the path to the Java executable.

C:\Program Files\Java\jdk-14.0.2\bin

Your version should now display when running the same command mentioned earlier.

Finally, you can now launch Burp from the command line. The following will launch Burp with a maximum Java heap of 4 GB (the -Xmx4g option); JVM options go before -jar, and anything after the JAR path is passed to Burp itself.

java -Xmx4g -jar "C:\Program Files\BurpSuitePro\burpsuite_pro.jar"
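The Java check, PATH fix and launch above, collected into one PowerShell launcher (an added example, not from the original post). The JDK and Burp paths are assumed from the post; adjust them for your install.

```powershell
# Added example: verify Java, repair PATH if needed, and launch Burp with a 4 GB heap.
# $JdkBin and $BurpJar are the paths from the post above; change them for your machine.
$JdkBin  = 'C:\Program Files\Java\jdk-14.0.2\bin'
$BurpJar = 'C:\Program Files\BurpSuitePro\burpsuite_pro.jar'
$HeapMax = '4g'   # -Xmx value; raise it if Burp reports OutOfMemoryError on large sites

# 1. Is java resolvable from PATH? If not, add the JDK bin directory for this user.
if (-not (Get-Command java -ErrorAction SilentlyContinue)) {
    if (-not (Test-Path (Join-Path $JdkBin 'java.exe'))) {
        throw "java.exe not found in $JdkBin; install the JDK or correct `$JdkBin"
    }
    # Persist for future shells (User scope) and apply to the current session.
    $userPath = [Environment]::GetEnvironmentVariable('Path', 'User')
    if ($userPath -notlike "*$JdkBin*") {
        [Environment]::SetEnvironmentVariable('Path', "$userPath;$JdkBin", 'User')
    }
    $env:Path = "$env:Path;$JdkBin"
}

# 2. Show which Java will run (java -version prints to stderr, which the console shows).
& java -version

# 3. Refuse to start if the JAR is missing rather than letting java print a stack trace.
if (-not (Test-Path $BurpJar)) {
    throw "Burp JAR not found at $BurpJar"
}

# 4. Launch: JVM options such as -Xmx go before -jar; arguments after the JAR go to Burp.
& java "-Xmx$HeapMax" -jar $BurpJar
```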


Installing and Configuring FoxyProxy

First, to make our lives easier, let’s install the Firefox add-on for FoxyProxy.

With the add-on installed, let’s head into the Options.

Now we can Add a new entry.

Let’s create the New Entry with the following.

Title: Burp
Proxy IP: 127.0.0.1
Port: 8080

Click Save.

With this in place, we can easily route traffic in/out of Burp without having to dive deep into Firefox’s settings.


Installing Burp’s Certificate in Firefox

Now that we have the proxy configured, we’ll want to import Burp’s CA certificate so that we do not receive certificate errors when browsing HTTPS sites through the proxy.

Let’s start by routing our traffic through our proxy and navigating to the following URL.

http://burpsuite/

Now we can click on CA Certificate to download the necessary .der file.

With the cert file saved, let’s head into Preferences and click on Options.

Head over to the Privacy settings, find the Certificates section, and click on View Certificates.

In the Certificate Manager window, find the Authorities tab. Then, select Import.

Browse to the .der file you downloaded earlier.

Enable Trust this CA to identify websites, and then click OK.


Disabling Firefox’s Captive Portal

With Firefox’s default configuration, you will see a lot of requests to http://detectportal.firefox.com (Firefox’s captive portal detection), which clutter the proxy history.

To get rid of this, let’s head over to about:config and click Accept the Risk and Continue.

Search for network.captive-portal-service, and set the value of the boolean preference network.captive-portal-service.enabled to false.


Installing Common Extensions

To install an extension, head over to the Extender tab of Burp Suite, and then select BApp Store.

Installing an extension is as easy as finding the one you want, and clicking Install. Here’s a list of my must-haves.

  • Autorize
  • Logger++
  • Param Miner
  • Upload Scanner
  • OpenAPI Parser
  • Wsdler
  • 403 Directory Bypasser

Installing Jython for Python Extensions

Any extension written in Python will require us to set up Jython. For example, clicking into the Autorize extension will display an option to Download Jython.

You’ll want to download the Jython Standalone.

Once downloaded, I like to place the file into my C:\ drive at the following location.

C:\Burp\Extensions

Head back over to Burp Suite and select the Extender tab. Go into Options, and under Python Environment click Select file.

Then browse to and select the Jython standalone JAR file.

You should now have the option to Install Python-based extensions.
