From the official website:
- Burp Suite is an integrated platform for performing security testing of web applications. Its various tools work seamlessly together to support the entire testing process, from initial mapping and analysis of an application's attack surface, to finding and exploiting security vulnerabilities.
This will install Burp Suite Community (free edition).
Burp Proxy will work out of the box with HTTP connections. For HTTPS, PortSwigger's certificate must be installed first.
Install HTTPS certificate in Firefox
Start up Burp:
Open the Proxy -> Options. In the Proxy Listeners section add a new interface. Set Interface to
127.0.0.1:8080 and make sure the Running checkbox is enabled.
http://127.0.0.1:8080/ in Firefox, click the CA Certificate link at top right and save the certificate file somewhere.
In Firefox open the Options tab and go to Privacy & Security -> Certificates -> View Certificates... -> Authorities. Click Import and select the file. Check the Trust this CA to identify websites checkbox and click OK.
Fix segfault during startup
The harfbuzz package update to 4.0.0 causes Burp to segfault during startup when used with the JRE that ships with Burp.
Use Java 18 instead of the 16 JRE that ships with Burp:
$ app_java_home=/usr/lib/jvm/java-18-openjdk ~/BurpSuitePro/BurpSuitePro
For the desktop entry change the Exec line to:
Exec=env app_java_home=/usr/lib/jvm/java-18-openjdk /home/user/BurpSuitePro/BurpSuitePro %U