
BURP SUITE MASTERY
LAB MANUAL

PRACTICAL HANDS-ON BURP SUITE TRAINING COURSE
BY
Peritus Information Security Services Private Limited
Burp Suite Mastery Lab Manual 1

Contents
About
Copyright
Disclaimer
Configuration
   Exercise
   Prerequisites
   Goals
   Steps

@Copyright Peritus Information Security Services Private Limited. All rights reserved. The contents, or parts
thereof, may not be reproduced in any form for any purpose without the written permission of Peritus
Information Security Services Private Limited.

About
Peritus Information Security Services Private Limited is an Information Security Company located in
India which provides security consulting services and also specializes in providing information security
trainings all over the world. Contact: info@peritusinfosec.com

Copyright
Peritus Information Security Services Private Limited owns all rights, title and interest in these materials
and such materials are protected by copyright. All rights are reserved. These materials may only be
used for private, non-commercial use only. Any unauthorized use, reproduction, modification, transfer,
distribution of part or all of these materials is strictly prohibited. Nothing in these materials shall grant
you any rights in or to the intellectual property or proprietary rights of Peritus Information Security
Services Private Limited or any third party.

Disclaimer
All the material presented in this training course is strictly for educational purposes. Peritus
Information Security Services Private Limited is not responsible for any misuse of the material.


Configuration

Exercise
Configuring Burp Proxy and Browser.

Prerequisites
WebGoat and Burp Suite already running.

Goals
1. Learn how to set up the proxy.
2. Learn how to use extensions to ease the process of setting up the proxy.
3. Learn how to configure Burp Suite to work with HTTPS sites.

Steps
1. Setting up Proxy
   1. Set up a Burp Proxy Listener to listen at 127.0.0.1:8081. You can find `Proxy Listeners` in the
      Proxy → Options tab.
   2. Forward the browser's traffic to 127.0.0.1:8081 by changing the proxy settings of the browser. For
      Firefox: Preferences → Advanced → Network tab → Connection settings.
   3. Visit `http://localhost:8080/WebGoat/` and see if any traffic is getting forwarded to Burp
      Proxy. Keep Intercept off and check the HTTP history tab of Burp Proxy.

2. Setting up FoxyProxy
   1. Install the `FoxyProxy Basic` extension for Firefox.
   2. Go to the Options of FoxyProxy Basic.
   3. Click `Add New Proxy` and enter all the details, with the proxy set to 127.0.0.1:8081.
   4. Activate this proxy and your browser will be able to forward traffic to Burp Proxy.

Note: You can download the FoxyProxy extension for other browsers as well and configure it in the same
way.

3. Configuring Burp Suite to work with HTTPS sites
   1. Visit http://burp/ in the browser and download the CA certificate.
   2. Install this CA certificate in Firefox by going to Preferences → Advanced → Certificates →
      View Certificates → Import.
   3. Close the browser and Burp Suite and reopen them. Make sure the browser is forwarding traffic to
      127.0.0.1:8081 and Burp is listening at 127.0.0.1:8081.
   4. Visit any HTTPS site, such as https://google.com, and it will show up in Burp Proxy.

Note: You can follow the same steps for setting up Burp Proxy with HTTPS sites on other browsers.
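
Added example (not part of the original lab manual): a Python check of the finished setup that confirms the listener from step 1 is up and that an HTTPS connection tunnelled through it presents a certificate chaining to the CA downloaded in step 3. The function names, the script name and the assumption that the downloaded CA file is DER-encoded are this example's own.

```python
import socket
import ssl
import sys

PROXY = ("127.0.0.1", 8081)  # Burp listener address from step 1

def listener_up(addr=PROXY, timeout=2.0):
    """True if something accepts TCP connections on the listener address."""
    try:
        with socket.create_connection(addr, timeout=timeout):
            return True
    except OSError:
        return False

def tunnel_established(reply):
    """True if the proxy's answer to CONNECT carries a 2xx status line."""
    parts = reply.split(b"\r\n", 1)[0].split()
    return len(parts) >= 2 and parts[0].startswith(b"HTTP/") and parts[1][:1] == b"2"

def issuer_cn(cert):
    """Issuer commonName from the dict returned by SSLSocket.getpeercert()."""
    for rdn in cert.get("issuer", ()):
        for key, value in rdn:
            if key == "commonName":
                return value
    return None

def https_issuer_via_proxy(host, ca_der, proxy=PROXY, timeout=5.0):
    """CONNECT to host:443 through the proxy and complete TLS trusting only
    ca_der (bytes of the DER file saved in step 3); returns the issuer CN."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # verifies chain and hostname
    ctx.load_verify_locations(cadata=ca_der)       # system roots are not loaded
    with socket.create_connection(proxy, timeout=timeout) as raw:
        raw.sendall(f"CONNECT {host}:443 HTTP/1.1\r\nHost: {host}:443\r\n\r\n".encode())
        reply = b""
        while b"\r\n\r\n" not in reply:
            chunk = raw.recv(4096)
            if not chunk:
                break
            reply += chunk
        if not tunnel_established(reply):
            raise ConnectionError(f"proxy refused CONNECT: {reply[:60]!r}")
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return issuer_cn(tls.getpeercert())

if __name__ == "__main__":  # usage: python check_burp.py <ca-file.der> <host>
    if not listener_up():
        sys.exit("nothing is listening on %s:%d" % PROXY)
    with open(sys.argv[1], "rb") as fh:
        print("issuer CN:", https_issuer_via_proxy(sys.argv[2], fh.read()))
```

Because only the downloaded CA is trusted, a returned issuer name means the proxy re-signed the site's certificate with that CA; an `ssl.SSLCertVerificationError` means the connection is not being intercepted by it.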
