Day 15 (Unit III)

Burp Suite — Setup & Basics

Web Application Security Testing

Master Burp Suite setup, configuration, and basic usage for web application security testing. Learn to intercept, modify, and analyze HTTP/HTTPS traffic using industry-standard tools.

Learning Objectives
  • Understand what Burp Suite is and its purpose in web security testing
  • Download and install Burp Suite Community Edition
  • Configure browser proxy settings with FoxyProxy
  • Install and trust Burp Suite CA certificate for HTTPS interception
  • Master intercepting and forwarding HTTP/HTTPS requests
  • Use Burp Proxy features: intercept toggle and HTTP history
  • Utilize Repeater for manual request modification and testing
  • Apply Decoder for Base64 and URL encoding/decoding operations
Understanding Burp Suite
Core concepts and architecture of Burp Suite

What is Burp Suite?

Burp Suite is an integrated platform for performing security testing of web applications.

Purpose

It acts as a man-in-the-middle proxy to intercept, inspect, and modify web traffic between your browser and the target.

Key Features

  • HTTP/HTTPS traffic interception
  • Request/response modification
  • Automated scanning capabilities
  • Extensive tool suite for web testing
  • Extensible through plugins

Use Cases

  • Web application penetration testing
  • API security testing
  • Mobile app testing
  • Bug bounty hunting
  • Security research
Editions

  • Community - free, basic features, manual testing
  • Professional - paid, automated scanning, advanced tools
  • Enterprise - corporate, team collaboration, CI/CD integration

How Burp Suite Works

Burp Suite operates as a proxy server between your browser and the target web application.

Architecture

Browser → Burp Proxy → Target Server → Burp Proxy → Browser

Workflow

  1. Browser sends requests to the Burp Suite proxy
  2. Burp intercepts and logs the traffic
  3. Requests can be modified or forwarded
  4. Responses are captured and displayed
  5. Tools analyze the intercepted data

Components

  • Proxy - Core interception engine
  • Repeater - Manual request testing
  • Decoder - Encoding/decoding utility
  • Intruder - Automated attacks
  • Scanner - Vulnerability detection
  • Sequencer - Token randomness analysis
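The workflow above, modelled in Python as an added example (it is not part of this lesson or of Burp Suite itself): a request arriving from the browser is parsed, held and optionally edited while intercept is on, forwarded to the target, and the captured response is logged to a history that other tools can read. The `InterceptingProxy` class, `fake_server` and `SAMPLE_REQUEST` are constructed stand-ins so the example runs offline.

```python
from dataclasses import dataclass, field
from typing import Callable

@dataclass
class HttpMessage:  # a parsed HTTP/1.x request or response
    start_line: str
    headers: dict
    body: bytes
    @classmethod
    def parse(cls, raw: bytes) -> "HttpMessage":
        head, _, body = raw.partition(b"\r\n\r\n")
        lines = head.decode("latin-1").split("\r\n")
        headers = {}
        for line in lines[1:]:
            name, _, value = line.partition(":")
            headers[name.strip()] = value.strip()
        return cls(lines[0], headers, body)
    def to_bytes(self) -> bytes:
        head = "\r\n".join([self.start_line] + [f"{k}: {v}" for k, v in self.headers.items()])
        return head.encode("latin-1") + b"\r\n\r\n" + self.body

@dataclass
class InterceptingProxy:  # models Burp Proxy: intercept toggle, edit hook, HTTP history
    send: Callable[[bytes], bytes]               # transport to the target (injected, so offline)
    intercept_on: bool = True                    # the "Intercept is on/off" toggle
    history: list = field(default_factory=list)  # what the HTTP history tab records
    def handle(self, raw_request: bytes, edit=None) -> bytes:
        req = HttpMessage.parse(raw_request)                 # 1-2: browser request arrives, is parsed
        if self.intercept_on and edit is not None:
            req = edit(req)                                  # 3: tester edits the held request
        resp = HttpMessage.parse(self.send(req.to_bytes()))  # 3-4: forwarded, response captured
        self.history.append((req, resp))                     # 5: logged for Repeater and other tools
        return resp.to_bytes()                               # response returns to the browser

def fake_server(raw: bytes) -> bytes:  # constructed stand-in for the target: echoes User-Agent
    body = f"agent={HttpMessage.parse(raw).headers.get('User-Agent', '')}".encode()
    return b"HTTP/1.1 200 OK\r\nContent-Length: %d\r\n\r\n" % len(body) + body

SAMPLE_REQUEST = b"GET /account HTTP/1.1\r\nHost: example.test\r\nUser-Agent: Firefox\r\n\r\n"

def demo() -> tuple:  # one intercepted and edited request, then one with intercept off
    proxy = InterceptingProxy(send=fake_server)
    def retag(req: HttpMessage) -> HttpMessage:  # the edit made in the Intercept tab
        req.headers["User-Agent"] = "BurpLesson"
        return req
    edited = proxy.handle(SAMPLE_REQUEST, edit=retag)
    proxy.intercept_on = False                   # intercept off: traffic passes through unchanged
    untouched = proxy.handle(SAMPLE_REQUEST, edit=retag)
    return edited, untouched, len(proxy.history)
```

Both exchanges land in `proxy.history`, which is exactly what lets you pick a past request out of the HTTP history tab and send it to Repeater.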