How to use Burp Suite on Linux for web penetration testing

Introduction

Burp Suite is one of the most popular tools for performing security testing on web applications. In Linux environments, its installation and configuration can be adapted to command-line based workflows and containerized development environments. This article shows step by step how to get Burp Suite working on a typical Linux distribution, leveraging its most useful features for auditors and developers.

Prerequisites

Before installing Burp Suite, make sure you have Java installed, as the tool depends on the Java runtime environment. In most distributions, you can install OpenJDK using the package manager:

  • Ubuntu/Debian: sudo apt update && sudo apt install openjdk-17-jre
  • Fedora: sudo dnf install java-17-openjdk
  • Arch Linux: sudo pacman -S jre17-openjdk

Check the version with java -version to confirm it is at least version 11.

Download and Installation

Burp Suite offers a free Community edition and paid Professional and Enterprise versions. To get started, download the Community edition installer from the official PortSwigger website:

  • Visit https://portswigger.net/burp/communitydownload
  • Choose the Linux installer (sh) package and save the file, for example burpsuite_community_linux_v2024_9.sh
  • Grant execution permissions: chmod +x burpsuite_community_linux_v2024_9.sh
  • Run the installer: ./burpsuite_community_linux_v2024_9.sh and follow the prompts (you can normally accept the default directory, /opt/BurpSuiteCommunity)

When finished, you can launch Burp Suite from the applications menu or via the terminal with /opt/BurpSuiteCommunity/BurpSuiteCommunity.

Basic Configuration

The first time you start Burp Suite, you will be prompted to create a temporary project or save a permanent one. For occasional testing, a temporary project is sufficient; if you want to keep a history, choose “Save project” and specify a location.

In the “Proxy” tab, make sure the listener is active on the default port 8080. Set the interface to “All interfaces” only if you plan to test from other containers or virtual machines, because that binding makes the proxy reachable from every network the host is attached to.
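A check for the listener binding described above, as an added example that is not part of the original article: it parses `ss -H -ltn` output and reports whether a port is bound to loopback only, to one specific address, or to all interfaces. The function names and the sample lines are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: classify how a proxy listener port is bound, from `ss -H -ltn`.

# classify_bind ADDR:PORT -> loopback | all-interfaces | specific
classify_bind() {
  local host
  host="${1%:*}"        # drop the trailing :port
  host="${host%%\%*}"   # drop an interface scope such as %lo
  host="${host#\[}"     # drop IPv6 brackets
  host="${host%\]}"
  case "$host" in
    127.*|::1|::ffff:127.*) echo loopback ;;
    '*'|0.0.0.0|::)         echo all-interfaces ;;
    *)                      echo specific ;;
  esac
}

# listener_exposure PORT  (reads `ss -H -ltn` lines on stdin)
# Prints the widest binding found for PORT, or not-listening.
listener_exposure() {
  local port state recvq sendq laddr rest kind result
  port="$1"
  result="not-listening"
  while read -r state recvq sendq laddr rest; do
    [ "$state" = "LISTEN" ] || continue
    [ "${laddr##*:}" = "$port" ] || continue
    kind="$(classify_bind "$laddr")"
    if [ "$kind" = "all-interfaces" ]; then
      result="all-interfaces"
    elif [ "$kind" = "specific" ] && [ "$result" != "all-interfaces" ]; then
      result="specific"
    elif [ "$result" = "not-listening" ]; then
      result="$kind"
    fi
  done
  echo "$result"
}

# Constructed sample of `ss -H -ltn` output (not captured from a real host).
SAMPLE_SS='LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:*
LISTEN 0 50 [::ffff:127.0.0.1]:8080 *:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*'

printf '%s\n' "$SAMPLE_SS" | listener_exposure 8080
# On a live host: ss -H -ltn | listener_exposure 8080
```

A result of all-interfaces on a machine that is not serving other containers or virtual machines means the listener should be switched back to the loopback address.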

Integrating Burp Suite with the Browser

To capture traffic, configure your browser to use Burp’s proxy:

  • In Firefox: Preferences → General → Network Settings → Settings → Manual proxy configuration: 127.0.0.1, port 8080, check “Use this proxy server for all protocols”.
  • In Chrome/Chromium: you can use the “SwitchyOmega” extension or launch the