Burp Suite- Chapter one Burp Suite Installation and environment configuration
Burp Suite Is an integrated penetration testing tool , It's a collection of penetration test components , So that we can do it better automatically or manually web Penetration testing and attack of applications . In the penetration test , We use Burp Suite It will make the testing work easier and more convenient , Even if you don't need great skill , Only we are familiar with Burp Suite Use , It also makes penetration testing easy and efficient .

Burp Suite By Java Written in language , and Java Its cross platform nature , It makes learning and using software more convenient .Burp Suite Unlike other automated testing tools , It requires you to configure some parameters manually , Trigger some automated processes , And then it starts to work .

Burp Suite The executable program is java Document type jar file , The free version can be downloaded from the free version download address . Free version Burp Suite There will be many restrictions , Many advanced tools cannot be used , If you want to use more advanced functions , Need to pay for Professional Edition . The main differences between professional edition and free edition are

Burp Scanner
Workspace preservation and recovery
Expanding tools , Such as Target Analyzer, Content Discovery and Task Scheduler
This chapter focuses on Burp Suite Basic configuration , It includes the following ：

How to start from the command line Burp Suite
How to set up JVM Memory size
IPv6 Problem debugging

How to start from the command line Burp Suite

Burp Suite It's a software free installation , When the download is complete , Enable directly from the command line . but Burp Suite Yes, it is Java Language development , The runtime depends on JRE, Need to be advanced Java Runtime environment . If not configured Java Environment or do not know how to configure children's shoes, please refer to win7 On the computer Java Environment configuration , End of configuration Java After the environment , Verify first Java Whether the configuration is correct , If input java -version The result shown in the figure below , Prove that the configuration is correct and complete .
At this time , All you need is to be there. cmd Internal execution java -jar /your_burpsuite_path/burpSuite.jar You can start Burp Suite, perhaps , You will be Burp Suite Of jar Put in class_path Under the table of contents , Direct execution java -jar burpSuite.jar You can also start .

Be careful ：your_burpsuite_path For you Burp Suite Location path ,burpSuite.jar The file name must match the one you downloaded jar The file name is consistent

# How to set up JVM Memory size
If Java If the running environment is configured correctly , When you double-click burpSuite.jar You can start the software , At this time ,Burp Suite I will automatically allocate the maximum available memory , How much memory is actually allocated , The default is generally 64M. When we are in the penetration test process , If thousands of requests pass Burp Suite, This may lead to Burp Suite Crash due to insufficient memory , Thus, the relevant data in the penetration test process will be lost , This is what we don't want to see . therefore , When we start Burp Suite when , It usually specifies the memory size it uses . Generally speaking , We usually allocate 2G Memory for Burp Suite Use , If your computer has enough memory , Can allocate 4G; If your computer memory is small enough , You can also assign 128M. When you give Burp Suite When enough memory is allocated , It can do more . Appoint Burp Suite The specific configuration method of the occupied memory size is to add the following command line parameters in the startup script ： Suppose the name of the startup script is burp_suite_start.bat, Then bat The content of the script is

java -jar -Xmx2048M/your_burpsuite_path/burpsuite.jar

The parameter -Xmx Appoint JVM Maximum memory available , The units could be M, It can also be G, If it is G In units , Then the script content is ：

java -jar -Xmx2G  /your_burpsuite_path/burpsuite.jar

IPv6 Problem debugging

Burp Suite It is not supported IPv6 Address for data communication , At this moment in cmd The following exception will be thrown in the console

java.net.SocketException: Permission denied

meanwhile , Browser access , There will be exceptions

Burp proxy error: Permission denied: connect

When the above problem occurs , We need to modify the startup script , Add pair IPv4 After the designation of , restart Burp Suite that will do .

java -jar -Xmx2048M  -Djava.net.preferIPv4Stack=true  /your_burpsuite_path/burpsuite.jar

adopt -Djava.net.preferIPv4Stack=true Parameter settings , tell Java Running environment , Use IPv4 Protocol stack for data communication ,IPv6 The agreement will be banned . This error is most common in 64 Bit windows On the operating system , Used 32 Bit JDK