After this lesson, you will be able to: install Burp Suite Community, understand what a proxy is, route your browser through Burp, install the Burp CA certificate so HTTPS is readable, and intercept your first request.
This lesson gets you from nothing installed to intercepting live traffic. It explains the proxy concept everything else builds on, browser configuration, the all-important CA certificate (why HTTPS looks like gibberish without it), the built-in Burp browser, and a first-interception lab.
A proxy is software that sits between your browser and the internet, reading and optionally modifying every request and response that passes through. Burp is an intercepting proxy: it can pause a request so you can edit it before it reaches the server, and pause the response before it reaches your browser. Everything Burp does builds on this one idea, so make sure it is clear before moving on.
Download, run, and point traffic at Burp's listener.
1. Download Burp Suite Community from portswigger.net and install it.
2. Open Burp and accept the default temporary project.
3. Find the Proxy tab; note the default listener on 127.0.0.1:8080.
4. Point your browser at that proxy. The easiest path: use Burp's built-in browser (Proxy > Intercept > Open Browser), which is pre-configured.
5. For an external browser, use the FoxyProxy extension to switch a profile pointing at 127.0.0.1:8080 on and off.
HTTPS is encrypted, so to read it Burp must terminate TLS, which means your browser has to trust Burp's certificate. Without installing Burp's CA certificate, HTTPS sites show certificate errors and the traffic is unreadable. Installing the CA cert (download it from http://burp while the proxy runs, then add it to your browser/OS trust store) tells your browser to trust certificates Burp signs, so HTTPS traffic becomes readable in Burp. The embedded Burp browser already trusts it, which is why it is the easiest way to start.
Watch a request pause mid-flight.
1. In the Burp browser, turn Intercept on (Proxy > Intercept).
2. Navigate to http://example.com.
3. The request pauses in the Intercept tab. Read it: identify the method (GET), the path (/), and the headers (Host, User-Agent).
4. Click Forward to let it through, then turn Intercept off.
5. Open Proxy > HTTP history and find the request you just made. You have intercepted your first request.
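What a proxy listener such as the one on 127.0.0.1:8080 receives from the browser differs between the plain-HTTP request in this lab and an HTTPS site, which is why the CA certificate matters. The following is an added example, not part of the original lesson or Burp's own code; it goes beyond the lesson by relying on the standard HTTP proxy conventions (absolute-form request target for HTTP, CONNECT for HTTPS), and the function name `parse_proxy_request` and the sample bytes are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample bytes, as a proxy listener would receive them from a browser.
PLAIN_HTTP = (b"GET http://example.com/ HTTP/1.1\r\n"
              b"Host: example.com\r\n"
              b"User-Agent: ExampleBrowser/1.0\r\n\r\n")
HTTPS_TUNNEL = (b"CONNECT example.com:443 HTTP/1.1\r\n"
                b"Host: example.com:443\r\n"
                b"User-Agent: ExampleBrowser/1.0\r\n\r\n")


def parse_proxy_request(raw: bytes) -> dict:
    """Parse the request head a browser sends to an HTTP proxy listener."""
    head, _, _body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    try:
        method, target, _version = lines[0].split(" ")
    except ValueError:
        raise ValueError(f"malformed request line: {lines[0]!r}")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"malformed header line: {line!r}")
        headers[name.strip().lower()] = value.strip()

    if method == "CONNECT":
        # HTTPS: the browser only asks for a tunnel to host:port. Everything
        # after this is TLS, opaque unless the proxy terminates TLS itself.
        host, _, port = target.rpartition(":")
        return {"method": method, "host": host, "port": int(port),
                "path": None, "headers": headers, "plaintext": False}

    # Plain HTTP via a proxy uses the absolute-form target (the full URL).
    url = urlsplit(target)
    if url.scheme != "http" or not url.hostname:
        raise ValueError(f"expected absolute-form http URL, got {target!r}")
    path = (url.path or "/") + (f"?{url.query}" if url.query else "")
    return {"method": method, "host": url.hostname, "port": url.port or 80,
            "path": path, "headers": headers, "plaintext": True}


if __name__ == "__main__":
    for sample in (PLAIN_HTTP, HTTPS_TUNNEL):
        r = parse_proxy_request(sample)
        print(r["method"], r["host"], r["port"], r["path"], "plaintext:", r["plaintext"])
```

For the first sample the parsed method, path and headers match what step 3 asks you to read; for the second, the proxy learns only the host and port until it terminates TLS with a certificate the browser trusts.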
Forgetting to install the CA cert and concluding Burp is broken when HTTPS fails. Leaving Intercept on and wondering why the browser hangs (every request waits for you). Using a system proxy that conflicts with FoxyProxy. Testing a real site instead of the authorized lab. Not using the built-in Burp browser when starting, which avoids all the certificate setup.