- Hands-On Application Penetration Testing with Burp Suite
- Carlos A. Lozano Dhruv Shah Riyaz Ahemed Walikar
- 2021-07-02 12:16:30
Getting to know Burp Suite
Burp can be downloaded for all the major operating systems from the PortSwigger website at https://portswigger.net/burp. For Windows systems, both 64-bit and 32-bit installers are available. A standalone Java JAR file is also available in case you want to run Burp as a portable application.

When you start Burp Suite, you will be prompted to provide settings to set up your Burp project before you begin using the tool.
The three options available are as follows:
- Temporary project: Select this if you want to use Burp for a quick inspection or a task that you do not need to save. You can get started immediately when you select this option and hit Next.
- New project on disk: For a well-executed penetration test, it is very important to be able to record and retrieve logs of requests and responses that were part of the test. This option allows you to create a file on disk that will store all the configuration data, requests and responses, and proxy information that you set in Burp when you begin testing. A descriptive name can be provided to enable this file to be loaded in the future. A good rule of thumb is to create a name that provides information about the project itself. ClientName-TypeOfTest-DDMMYYYY is a good name to start with.
- Open existing project: This option allows you to load any existing project files that have been created in the past using the New project on disk option. You can choose to pause the spider and scanner modules so that the project is loaded in a paused, non-attacking state.
Clicking on Next will take you to a page where you can choose any previously saved configuration or continue using Burp defaults. You also get the option of disabling extensions when Burp starts.

Click Start Burp to continue.