Module 10: Web Servers and Applications: Lab 1: Burp Suite

Description: In this lab, we are going to use the free version of Burp Suite and configure a
proxy. This allows us to control the flow of traffic between the user and the website.

Requirement for lab: This lab is performed in a Kali Linux desktop.

Part 1
Step 1: Log in to your Kali machine (username: root, password: toor)
Step 2: Click on the Show Applications option
Step 3: In the search box, start typing Burp Suite
Step 4: Click on the Burp Suite icon
Step 5: You might get a pop-up saying that your Java Runtime Environment (JRE) is out of date;
just click OK
Step 6: Burp Suite Community Edition pop-up box opens
Step 7: You may get a prompt that an update is available. For the purposes of this lab, just
select the Close button
Step 8: Next, make sure Temporary Project is selected and click Next
Step 9: Keep the Burp defaults and click the Start Burp button
Step 10: Burp Suite will open
Step 11: Click on the Proxy tab
Step 12: Next, click on the Options tab
Step 13: Make sure the interface is set to: 127.0.0.1:8080
Step 14: Open Firefox ESR
Step 15: At the top-right of the browser window, select the three lines stacked on top of each
other
Step 16: Next, click on Preferences
Step 17: Click Advanced (the button looks like a wizard hat)
Step 18: Click the Network tab at the top
Step 19: Click Settings
Step 20: Select Manual Proxy Configuration
Step 21: For HTTP Proxy, type: 127.0.0.1 and then select Port 8080
Step 22: Click the “Use this proxy server for all protocols” checkbox, then select OK
Step 23: Close the browser window
Step 24: In the Burp Suite application, select the Intercept tab
Step 25: Launch Firefox ESR browser again
Note: You will notice that Burp Suite starts gathering information as soon as we launch the
browser.
Step 26: Type any website in the URL field.
Step 27: You will notice that the website lags and does not load.
Step 28: In Burp Suite, click the Forward button to begin forwarding the packets.
Step 29: You would have to manually forward each packet, which would cause lag time for
the user. We would normally want to automate this process, so we could remain undetected.
Step 30: You will see Firefox eventually provides an error message that the website is not
secure, so the connection failed.
Step 31: Reset your browser settings or just click back on the three lines, select Preferences,
select Advanced, then select Network, and then Settings
Step 32: Select the Auto-detect proxy settings for this network option and click OK to save
the change
Step 33: Close the browser window
Step 34: Launch Firefox again and now try to go to the same website you had chosen

Question 1: Are you able to visit the website now that you have changed the settings back?
__________________________________________________________________________

Step 35: Burp Suite offers other features, like Scanner (Paid version), the ability to launch
attacks, set up different proxies, decode Hex, and highlight items.

Question 2: From the HTTP history tab, how do we highlight an item?


___________________________
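Steps 20-22 and 31-32 change Firefox's proxy settings, which Firefox records in the profile's prefs.js file. The following is an added example, not part of the original lab, that reads such a file and reports whether the browser is still routed through the 127.0.0.1:8080 listener. The function names are hypothetical, the network.proxy.* names are Firefox's own preference names, and the sample file contents are constructed.

```python
import re

# Firefox records changed settings in the profile's prefs.js as user_pref("name", value);
PREF_RE = re.compile(r'^user_pref\("(network\.proxy\.[^"]+)",\s*(.+?)\);$')
# Meaning of the network.proxy.type values
MODES = {0: "no proxy", 1: "manual", 2: "PAC URL", 4: "auto-detect", 5: "system"}

def parse_proxy_prefs(text):
    """Return {pref_name: value} for network.proxy.* entries (str, bool or int)."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line.strip())
        if not m:
            continue
        raw = m.group(2)
        if raw in ("true", "false"):
            prefs[m.group(1)] = raw == "true"
        elif raw.startswith('"'):
            prefs[m.group(1)] = raw.strip('"')
        else:
            prefs[m.group(1)] = int(raw)
    return prefs

def audit_proxy(text, host="127.0.0.1", port=8080):
    """Report the proxy mode and which schemes are still sent to the lab listener."""
    p = parse_proxy_prefs(text)
    mode = MODES.get(p.get("network.proxy.type"), "default (pref not set)")
    routed = []
    for scheme in ("http", "ssl"):  # "ssl" is Firefox's pref name for HTTPS traffic
        # With "Use this proxy server for all protocols", the HTTP values apply to HTTPS too
        src = "http" if p.get("network.proxy.share_proxy_settings") else scheme
        target = (p.get(f"network.proxy.{src}"), p.get(f"network.proxy.{src}_port"))
        # Host and port prefs linger after a reset; they only take effect in manual mode
        if mode == "manual" and target == (host, port):
            routed.append(scheme)
    return {"mode": mode, "via_lab_listener": routed}

# Constructed samples (not taken from a real profile)
AFTER_STEP_22 = '''
user_pref("network.proxy.http", "127.0.0.1");
user_pref("network.proxy.http_port", 8080);
user_pref("network.proxy.share_proxy_settings", true);
user_pref("network.proxy.type", 1);
'''
AFTER_STEP_32 = AFTER_STEP_22.replace('"network.proxy.type", 1', '"network.proxy.type", 4')

if __name__ == "__main__":
    print(audit_proxy(AFTER_STEP_22))
    print(audit_proxy(AFTER_STEP_32))
```

The second sample shows why the check keys on the mode: the 127.0.0.1 and 8080 entries remain in the file after Step 32, but they are ignored once the mode is no longer manual.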
