Burp Suite is a popular and powerful tool used by security professionals, developers, and quality assurance testers to identify and fix security vulnerabilities in web applications.

Let’s learn what Burp Suite is and how you can install and set it up on your Linux system.

What Is Burp Suite?

Burp Suite is a powerful tool used to evaluate the security of web applications. It essentially works as a MITM (man-in-the-middle) proxy, enabling you to intercept, inspect, and modify traffic in both directions.

It comes equipped with a powerful arsenal of tools that you can use to identify and exploit vulnerabilities in web applications. The suite includes tools for performing automated scans, manual testing, and customized attacks.

You can use Burp Suite for various purposes, including identifying SQL injections (SQLi), cross-site scripting (XSS), and other security vulnerabilities. Burp Suite is highly customizable and you can tailor it to meet the specific needs of testing a target application.

Prerequisites for Installing Burp Suite on Linux

Before installing any software, it's recommended to update and upgrade the system to ensure it has the latest security patches and updates. You can do so using the following commands:

On Ubuntu- and Debian-based Linux distros:

        sudo apt update && sudo apt upgrade -y
    

On Arch Linux and its derivatives:

        sudo pacman -Syu
    

On RHEL and Fedora:

        sudo dnf upgrade
    

Once you've updated and upgraded your system, you're ready to move on to the next steps.

Downloading and Installing Burp Suite on Linux

You can download Burp Suite from the official PortSwigger website. They are the developers and maintainers of Burp Suite.

Download: Burp Suite

Here are the steps to download and install Burp Suite on your Linux system:

  1. Open a browser, go to the official PortSwigger website, and navigate to the download page. Or, simply click the download link above.
  2. The Burp Suite Community Edition is free to use and sufficient if you’re just getting started with bug bounty hunting or application security. Select Burp Suite Community Edition from the drop-down for Linux 64 Bit to begin the download.
  3. Once the download is complete, open a terminal and run the script. To do that, navigate to the directory where you downloaded the file using the cd command. Then, make the file executable using:
            chmod +x burpsuite_community_linux*.sh
        
  4. Finally, execute the script by running:
            ./burpsuite_community_linux*.sh
        
  5. Once you run the script, you should be greeted by the Burp Suite installer where you can configure the installation as per your liking.

You should now have Burp Suite installed on your Linux system. To launch Burp Suite, open the application drawer and search for it. You can add it to your dock/favorites for quick access.

With the installation process out of the way, let’s get to setting Burp Suite up for security testing.

Setting Up the Web Browser for Burp Suite

Burp Suite is designed to work with most modern web browsers. However, you need to perform some additional configuration to ensure that Burp Suite can communicate with the browser correctly.

For the demonstration, we’ll be using Mozilla Firefox as the primary browser.

The first step in setting up your browser for use with Burp Suite is to install the FoxyProxy Standard extension. FoxyProxy is a tool that allows users to configure their browser to use a proxy server. This is crucial for Burp Suite to intercept and modify the traffic between the browser and the server.

You can find the FoxyProxy browser extension on the Chrome Web Store for Google Chrome or on the Addons page for Mozilla Firefox.

Download: FoxyProxy (Google Chrome | Mozilla Firefox)

Once FoxyProxy is successfully installed, the next step is configuring it properly to use Burp Suite as the proxy server. Follow the steps below for configuration:

  1. Open the FoxyProxy options by clicking the FoxyProxy icon in the extensions menu and selecting Options from the drop-down menu.
  2. Click on the Add New Proxy button to create a new proxy configuration. In the Proxy Details tab, enter a name for the new proxy configuration, for example, Burp Suite.
  3. In the Proxy IP Address field, enter 127.0.0.1, and finally, in the Proxy Port field, enter the port number that Burp Suite is listening on (by default, this is 8080).
  4. Save the new proxy configuration by clicking on the Save button. Once saved, activate the proxy configuration by clicking on the FoxyProxy icon in the toolbar and selecting the new proxy configuration from the drop-down menu.

Now you've successfully configured your browser to send and receive traffic to and from the Burp Suite application.

To test it, simply activate the FoxyProxy extension, and under the Proxy tab in the Burp Suite application, click on Intercept On. You should see the incoming requests populated with web traffic.
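
Because the proxy sees everything your browser sends, the listener on port 8080 should be bound to 127.0.0.1 only, as in the FoxyProxy configuration above, and not to every interface. The following check is an added example, not part of the original article; the function and sample names are hypothetical, and the `ss` output shown is constructed.

```shell
#!/bin/sh
# Added example: confirm the proxy listener is reachable only from this host.
# Reads `ss -ltn`-style lines on stdin and classifies the given TCP port.
# Exit status: 0 loopback-only, 1 exposed on another address, 2 not listening.
classify_listener() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            addr = $4                          # Local Address:Port column
            n = match(addr, /:[0-9]+$/)        # locate the trailing :port
            if (!n || substr(addr, n + 1) != port) next
            host = substr(addr, 1, n - 1)
            sub(/^\[/, "", host); sub(/\]$/, "", host)   # IPv6 brackets
            sub(/^::ffff:/, "", host)          # IPv4-mapped form used by Java
            seen = 1
            if (host !~ /^127\./ && host != "::1") exposed = 1
        }
        END {
            if (!seen)   { print "not-listening"; exit 2 }
            if (exposed) { print "exposed";       exit 1 }
            print "loopback-only"
        }'
}

# Constructed sample: listener bound to loopback, matching the setup above.
sample_loopback() {
    cat <<'EOF'
State  Recv-Q Send-Q    Local Address:Port   Peer Address:Port
LISTEN 0      50     [::ffff:127.0.0.1]:8080             *:*
LISTEN 0      128             0.0.0.0:22          0.0.0.0:*
EOF
}

# Constructed sample: the same port bound to every interface.
sample_exposed() {
    cat <<'EOF'
State  Recv-Q Send-Q    Local Address:Port   Peer Address:Port
LISTEN 0      50                    *:8080             *:*
EOF
}

# Live check on your own machine:  ss -ltn | classify_listener 8080
```

If the live check reports `exposed`, change the listener's bind address back to loopback in Burp Suite's proxy settings before you continue testing.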

Uninstalling Burp Suite From Linux

Sometimes you may run into errors with Burp Suite or, more generally, face configuration issues. The best way to fix them is a clean reinstallation of the Burp Suite application.

While installing and setting up Burp Suite is a rather lengthy process, uninstalling it is a piece of cake. To uninstall Burp Suite, navigate to the directory where it's installed (remember, you set this during the installation process).

In the app directory, you'll find an uninstall.sh script. Make it executable using the "chmod +x filename" command and run it. That should fire up the uninstaller which you can use to uninstall Burp Suite from your Linux distribution.

To reinstall Burp Suite, simply re-do all the steps you did to install it the first time.

The Best Vulnerability Scanning Tools for Linux

While Burp Suite is one of the best security testing tools on the market, it is not wise to rely on a single tool to thoroughly test the security posture of your website or application.

There are a lot of other vulnerability scanning tools that automate vulnerability hunting and, when coupled with Burp Suite, can thoroughly test the security of your applications.