Search icon
Subscription
0
Cart icon
Close icon
You have no products in your basket yet
Save more on your purchases!
Savings automatically calculated. No voucher code required
Arrow left icon
All Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Newsletters
Free Learning
Arrow right icon
$9.99 | ALL EBOOKS & VIDEOS
Over 7,000 tech titles at $9.99 each with AI-powered learning assistants on new releases
Burp Suite Essentials
Burp Suite Essentials

Burp Suite Essentials: Discover the secrets of web application pentesting using Burp Suite, the best tool for the job

By Akash Mahajan
$19.99 $9.99
Book Nov 2014 144 pages 1st Edition
eBook
$19.99 $9.99
Print
$32.99
Subscription
$15.99 Monthly
eBook
$19.99 $9.99
Print
$32.99
Subscription
$15.99 Monthly

What do you get with eBook?

Product feature icon Instant access to your Digital eBook purchase
Product feature icon Download this book in EPUB and PDF formats
Product feature icon Access this title in our online reader with advanced features
Product feature icon DRM FREE - Read whenever, wherever and however you want
Buy Now
Table of content icon View table of contents Preview book icon Preview Book

Burp Suite Essentials

Chapter 1. Getting Started with Burp

Burp Suite is a collection of tightly integrated tools that allow effective security testing of modern-day web applications. It provides a great combination of tools that allow automated and manual workflows to test, assess, and attack web applications of all shapes and sizes. Getting started with Burp is easy. With some application, we can become extremely comfortable and skilled at using the various powerful tools that are offered by Burp Suite.

Burp Suite is a piece of modern software written in the Java language. Java makes it cross-platform and extremely versatile for use both by novices and professionals. This chapter will get you started with Burp quickly while giving you enough information that will facilitate our journey of getting acquainted with Burp Suite. The tool, unlike point-and-click automated scanners, is meant to be used in a hands-on manner, and while it makes it easy to automate parts of the testing, a lot can be done by the tool in the hands of an expert. Since our aim is to optimize the way we use Burp, through this chapter, we will get to know a few tricks that will make it easy to start with.

Burp Suite is distributed as a single Java Archive (.jar) file. The free version can be downloaded from http://portswigger.net/burp/downloadfree.html. There is no registration or form to fill out, but if you'd rather get the Pro version, which I highly recommend, then you need to buy it from the same website to be able to download it. There are significant differences between the free version and the Pro version, but if you are a serious tester looking for the best value-for-money scanner / web application security tool, it should be Burp Suite Pro.

The main differences between the free version and the Pro version of Burp Suite are:

  • Burp Scanner

  • The ability to save and restore your work

  • Engagement tools, such as Target Analyzer, Content Discovery, and Task Scheduler

These are the topics we'll be covering in this chapter:

  • Starting Burp from the command line

  • Setting memory options based on our requirement and system RAM

  • Troubleshooting any IPv6 error that occurs sometimes

Oracle Java 1.6 or above is currently required for the software to run.

Oracle Java 1.6+ is usually installed for Windows and Mac OS X. If your computer doesn't have it installed, go to http://java.com, choose the version of Java Runtime Environment (JRE) for your operating system, and follow the installation instructions.

The official documentation cautions users from double-clicking on the .jar file. This is to ensure that we can clearly specify the amount of RAM allocated for the Burp process when we start it.

Some people have successfully run Burp with other flavors of Java, but for now, we will focus on running it well with Oracle Java 1.6 or above.

Starting Burp from the command line


Burp doesn't have an elaborate setup process. Starting Burp is as simple as executing a command in your shell of choice.

Starting Burp requires Java to be already installed and configured on your computer. If your computer doesn't already have Java 1.6+, you can get it for free from http://www.oracle.com/technetwork/java/javase/downloads/index-jsp-138363.html.

We need the JRE, so click on the Download button under JRE.

If your computer already has Java 1.6 or above installed, execute the following in your shell:

java -jar /path/to/burpSuite.jar

Those who have done Java programming will understand what is happening here. We are passing a JAR to the Java runtime. Please note there are no command-line options that need to be passed to Burp Suite.

Specifying memory size for Burp


If we start Burp Suite by double-clicking on the .jar file, the Java runtime will allocate the maximum memory available to Burp on its own. The total amount allocated might vary based on the available system RAM. Since Burp Suite will capture hundreds and sometimes thousands of requests and responses of various sizes, it makes sense to allocate memory when we start the program.

There is the possibility that Burp Suite might crash if the total memory available is not enough. While doing a security assessment, we don't want to worry about disruption in our work or the feeling that we may lose valuable data about the assessment due to Burp Suite crashing. Therefore, it is prudent to specify how much system RAM is allocated to Burp Suite in the beginning itself.

Specifying the maximum memory Burp is allowed to use

We can use command-line flags provided by Java to ensure that Burp has enough, and more, memory to use while running our security assessment:

java -jar -Xmx2048M /path/to/burpsuite.jar
java -jar -Xmx2G /path/to/burpsuite.jar

Both these commands will allocate 2 GB of RAM to Burp Suite. We can also pass options for gigabytes, megabytes, or kilobytes. You can read up more about this at the Oracle page at http://docs.oracle.com/cd/E13150_01/jrockit_jvm/jrockit/jrdocs/refman/optionX.html#wp999528.

This should be enough for most web applications that need to be tested. If you have more system RAM to spare, you can even increase it further. There is a small caveat you should know. If you increase the memory allocated to Burp Suite beyond 4 GB, the Java Virtual Machine (JVM) garbage collector (GC) will need to do more work. This has been known to adversely affect the performance of Java-based applications. Keeping that in mind, there are clear performance gains that can be achieved by increasing the minimum heap size from the default, which can be as low as 128 MB on older machines.

Ensuring that IPv4 is allowed


Sometimes, Java picks up the IPv6 address on the interface, and Burp is unable to make any connections to websites returning an IPv4 address. This results in a Java error, which is as follows:

java.net.SocketException: Permission denied

The browser also shows a cryptic error, which is as follows:

Burp proxy error: Permission denied: connect

If we ever encounter this error, all we need to do is tell Java that we want to use the IPv4 interface by passing the following parameter to the runtime:

java -Xmx2048M -Djava.net.preferIPv4Stack=true -jar /path/to/burpsuite.jar

This command and flag tells the Java runtime that we will prefer the IPv4 network stack to run the Burp Suite JAR file. Another option is to set a Java option environment variable.

Please note that by running the preceding command, the IPv6 interface will be disabled.

Many people have reported this as a bug on the Burp support forums. Most of the people who complained were using Microsoft Windows 7 64-bit operating system running a 32-bit version of the JVM.

Working with other JVMs


The official documentation of Burp doesn't say anything about not working with JVMs apart from the official Oracle Java. There was a time when if we tried to run Burp Suite with OpenJDK, it would start off by giving a warning. But now, it runs perfectly without any warnings in Kali with OpenJDK.

Kali is a Linux-based distribution that has been specifically created for penetration testing and security testing of applications and networks. Previously, it was known as Backtrack. In the following screenshot, we can see that it runs the OpenJDK JRE and is able to run Burp Suite without any issues:

Summary


We have successfully managed to start Burp Suite. Usually, we just double-click on the application shortcut and get it working. However, if you want to utilize the full power of the application, we need to understand some of the underlying concepts of memory and networking.

In this chapter, you learned how to allocate and reserve a specified amount of RAM for use while Burp Suite runs. This will ensure that while doing a security assessment, memory issues will not hamper our progress in any way. We also saw an error that can crop up, which is quite difficult to understand unless you have seen it before.

Now that we have successfully started Burp Suite, in the next chapter, we will see how to configure our web browsers to send web traffic through it for interception and analysis.

Left arrow icon Right arrow icon

Key benefits

What you will learn

Get to grips with the userdriven workflow so that you can test any kind of web application Get acquainted with the use of each of the components in Burpa?”Target, Proxy, Intruder, Scanner, and Repeater Search, extract, and match patterns for requests and responses using response extraction rules, URLmatching rules, and Grep Match Set up and test SSLenabled applications without any errors Intercept SSL traffic from all kinds of web and mobile applications Develop customized Burp Extensions to suit your needs using Java, Python, and Ruby

Product Details

Country selected

Publication date : Nov 28, 2014
Length 144 pages
Edition : 1st Edition
Language : English
ISBN-13 : 9781783550111
Category :

What do you get with eBook?

Product feature icon Instant access to your Digital eBook purchase
Product feature icon Download this book in EPUB and PDF formats
Product feature icon Access this title in our online reader with advanced features
Product feature icon DRM FREE - Read whenever, wherever and however you want
Buy Now

Product Details


Publication date : Nov 28, 2014
Length 144 pages
Edition : 1st Edition
Language : English
ISBN-13 : 9781783550111
Category :

Table of Contents

19 Chapters
Burp Suite Essentials Chevron down icon Chevron up icon
Credits Chevron down icon Chevron up icon
About the Author Chevron down icon Chevron up icon
Acknowledgments Chevron down icon Chevron up icon
About the Reviewers Chevron down icon Chevron up icon
www.PacktPub.com Chevron down icon Chevron up icon
Preface Chevron down icon Chevron up icon
1. Getting Started with Burp Chevron down icon Chevron up icon
2. Configuring Browsers to Proxy through Burp Chevron down icon Chevron up icon
3. Setting the Scope and Dealing with Upstream Proxies Chevron down icon Chevron up icon
4. SSL and Other Advanced Settings Chevron down icon Chevron up icon
5. Using Burp Tools As a Power User – Part 1 Chevron down icon Chevron up icon
6. Using Burp Tools As a Power User – Part 2 Chevron down icon Chevron up icon
7. Searching, Extracting, Pattern Matching, and More Chevron down icon Chevron up icon
8. Using Engagement Tools and Other Utilities Chevron down icon Chevron up icon
9. Using Burp Extensions and Writing Your Own Chevron down icon Chevron up icon
10. Saving Securely, Backing Up, and Other Maintenance Activities Chevron down icon Chevron up icon
11. Resources, References, and Links Chevron down icon Chevron up icon
Index Chevron down icon Chevron up icon

Customer reviews

Top Reviews
Rating distribution
Empty star icon Empty star icon Empty star icon Empty star icon Empty star icon 0
(0 Ratings)
5 star 0%
4 star 0%
3 star 0%
2 star 0%
1 star 0%
Filter icon Filter
Top Reviews

Filter reviews by


No reviews found
Get free access to Packt library with over 7500+ books and video courses for 7 days!
Start Free Trial

FAQs

How do I buy and download an eBook? Chevron down icon Chevron up icon

Where there is an eBook version of a title available, you can buy it from the book details for that title. Add either the standalone eBook or the eBook and print book bundle to your shopping cart. Your eBook will show in your cart as a product on its own. After completing checkout and payment in the normal way, you will receive your receipt on the screen containing a link to a personalised PDF download file. This link will remain active for 30 days. You can download backup copies of the file by logging in to your account at any time.

If you already have Adobe reader installed, then clicking on the link will download and open the PDF file directly. If you don't, then save the PDF file on your machine and download the Reader to view it.

Please Note: Packt eBooks are non-returnable and non-refundable.

Packt eBook and Licensing When you buy an eBook from Packt Publishing, completing your purchase means you accept the terms of our licence agreement. Please read the full text of the agreement. In it we have tried to balance the need for the ebook to be usable for you the reader with our needs to protect the rights of us as Publishers and of our authors. In summary, the agreement says:

  • You may make copies of your eBook for your own use onto any machine
  • You may not pass copies of the eBook on to anyone else
How can I make a purchase on your website? Chevron down icon Chevron up icon

If you want to purchase a video course, eBook or Bundle (Print+eBook) please follow below steps:

  1. Register on our website using your email address and the password.
  2. Search for the title by name or ISBN using the search option.
  3. Select the title you want to purchase.
  4. Choose the format you wish to purchase the title in; if you order the Print Book, you get a free eBook copy of the same title. 
  5. Proceed with the checkout process (payment to be made using Credit Card, Debit Cart, or PayPal)
Where can I access support around an eBook? Chevron down icon Chevron up icon
  • If you experience a problem with using or installing Adobe Reader, the contact Adobe directly.
  • To view the errata for the book, see www.packtpub.com/support and view the pages for the title you have.
  • To view your account details or to download a new copy of the book go to www.packtpub.com/account
  • To contact us directly if a problem is not resolved, use www.packtpub.com/contact-us
What eBook formats do Packt support? Chevron down icon Chevron up icon

Our eBooks are currently available in a variety of formats such as PDF and ePubs. In the future, this may well change with trends and development in technology, but please note that our PDFs are not Adobe eBook Reader format, which has greater restrictions on security.

You will need to use Adobe Reader v9 or later in order to read Packt's PDF eBooks.

What are the benefits of eBooks? Chevron down icon Chevron up icon
  • You can get the information you need immediately
  • You can easily take them with you on a laptop
  • You can download them an unlimited number of times
  • You can print them out
  • They are copy-paste enabled
  • They are searchable
  • There is no password protection
  • They are lower price than print
  • They save resources and space
What is an eBook? Chevron down icon Chevron up icon

Packt eBooks are a complete electronic version of the print edition, available in PDF and ePub formats. Every piece of content down to the page numbering is the same. Because we save the costs of printing and shipping the book to you, we are able to offer eBooks at a lower cost than print editions.

When you have purchased an eBook, simply login to your account and click on the link in Your Download Area. We recommend you saving the file to your hard drive before opening it.

For optimal viewing of our eBooks, we recommend you download and install the free Adobe Reader version 9.