Burp Suite Tutorial For Beginners

Wants To Learn Burp Suite, then this tutorial is for you, Master Burp Suite Like a Pro Hacker with this easy tutorial
burp suite tutorial

If you're looking for a good web application vulnerability scanner then Burp Suite Stands in the first place, its features and built-in automated scanners makes it a super fan of hackers.

As a beginner there might be a lot of issues with Burp Suite, a few years back, I too came across the same situation that I wanted to learn how hackers hack websites and get paid for bug bounty, but there is a lack of improper knowledge in me, thus I was failed to do so😞

I don't want everyone to face the same, so In this tutorial am going to teach you the basic concepts a beginner web pentester worries about.

In this tutorial, you're going to learn
  • What is Burp Suite
  • Installing Burp Suite
  • Burp Suite Pro Vs Free Version
  • How To Use Burp Suite
  • Burp Suite Modules
  • Advanced Scanning With Burp Suite
  • Burp Suite Automated Scanning

What is Burp Suite?

Burp Suite is a java based framework used for web application vulnerability scanning, and it comes with a collection of vulnerability scanning tools, it's goal is to intercept the traffic between the web browser and the server.

Why Burp Suite

Most of the people questioning why They Should Use Burp Suite while there are a lot of web vulnerability scanners out there,

Well that's the common question newbies asks the most,

Burp Suite Comes with a collection of scanners for various vulnerabilities also it has automation features, real-time traffic interactions between the browser and the server that makes us easy to understand better,

Burp Suite is a good tool for professional security researchers but what about others?

For that one of my friends did a survey in a Black hat Hackers Group, here is the results


Yup Burp Suite Stands Out.

Note: Don't mind you can use only Burp Suite For Attacking Web Applications, You Can Use Many Others Vulnerability Scanning tools during your penetrating attacks.

Burp Suite pro vs Free

This is a quite tricky question that Popups while using Burp Suite,
With The Free Version, you can't be able to avail
  • Automate Scannings
  • Scheduled & Repeat Scanning
  • Advanced Manual Tools

How does Burp Suite work

how burp works
Burp Suite Working Process

Burp Suite Works as an Interception Proxy Between your Browser and the Server, when you make a request via the Browser, First it goes to Burp Proxy then the Server, and it gets a response from the server then passes to Browser.

How to use Burp Suite

Burp Suite Installation

If you're using Kali Linux then Burp Suite is Pre-installed with the free version, for other operating systems you can download and install Burp Suite from the Portswigger website.

However the installations process is very easy, you have to choose your operating system and Download Burp Suite on Official Portswigger website.

Now you have installed Burp Suite and looking for attacking web applications, but before that, you have to do some configuration to Burp Suite and your Browser to make sure it works, it's a simple set-up as follows.

Burp Suite Modules

Click on The Image to View

Burp suite interface is very easy to understand that anyone can easily understand and analyze the traffic packets send through your browser to the server,

Burp suite also comes with many Modules that confuse the newbies,
Here are the modules to keep in mind


This Module is Useful for scanning and scrapping the given pages.


This module is used for Repetitive tasks such as brute force attacks


This module is used for Repetitive tasks by sending requests to the destination page


This module is used for Fuzzing Session Cookies


The decoder is a useful module for encoding and decoding hex, HTML, binary, and many other hashes


This module is used for automating attacks against any page.
Let's see

How To Configure Burp Proxy on Browser

To make Burp Suite Works, you must have to do some sort of configuration
The first thing is to Choose A Browser Which you're going to configure with Burp Proxy, in this guide am going to choose Firefox, which's a good browser for hackers, but you can choose any other browsers

Step 1: Open Firefox
Step 2: Click On Three dots in the Main Menu, then click on Settings
Step 3: After That Click on Advanced then click on Network Proxy
Step 4: Now tick on Manual Configuration, then in the Proxy area type and in the port as 8080

Configure Burp Proxy on Firefox

You can achieve the same with Foxy Proxy Addon, install it and configure it as shown screenshot, when you like to use click on the top Icon of Foxy Proxy and change the Settings

Burp Suite SSL Settings

configure burp proxy sll
Burp Suite SSL Error

This is what happens when you try to access HTTPS sites.

Burp Suite Works as HTTP proxy but what about the servers which use advanced technology such as SSL 😟

Burp Suite Works even on HTTPS😇

But before that we have installed some Certificates, follow below steps to do so.

Step1: Open Web Browser
Step2: Now In The Address Bar Type http://burp
You will be shown a page

Step3: Now click on CA Certificate, after that a file will be downloaded
Step4: Now you have to import the file to Firefox certificates

For that open Firefox then go to Options click on Privacy and Security now scroll down and click on View Certificates

Step5: Now Click on Import then select the downloaded file then click on OK
That's it you have successfully Configured SSL on Burp Suite, Now Go back and try opening an https site,

Burp Suite SSL pass-through

You can read more about the burp suite SSL on Portswigger blog

Further Reading

How To Hack WiFi Password In 2019 (Ultimate Guide)

101 Nmap Tutorial: A Simple Guide For Beginners

Attacking web applications with burp suite

Now We have ready to attack web applications, now you have to choose a target site and do some practice,
Also, you can use localhost web apps to practice,

Let's see

How to configure burp suite for localhost application

If you're on Kali Linux then you have to install the Apache Server on your Machine to get started, if you still don't know then check out this tutorial on installing Apache on Kali

If you're on Windows, Linux then you have to use WAMP, LAMP

Most of the people face the problem that the interceptor is not working for localhost applications, this usually happens if there is a configuration problem in the browser

Follow Below Steps To Fix this

1. (for firefox) go to about:config and change network.proxy.allow_hijacking_localhost to true

2. try instead of (dot added after IP address)

Advanced web application penetration testing with burp suite

Though Attacking Web Applications Is not an easy job, it requires a lot of practice, for that you have to learn and practice a lot,

And If you want to be a master web hacker then you must try these vulnerable web applications


Hope you guys got a clear understanding of How Burp Suite Helps us to attack web applications in a secure environment if you still have any queries then feel free to comment below.
Hi, I'm Basudev
A Professional Blogger & Hacker Interested in Infosec, Web Development, Programming

Post a Comment

Comments will be reviewed before publishing