Preparing Your Environment: Burp Suite

Siji Johny
May 4, 2024

Burp Suite is a powerful set of tools used primarily for web application security testing. It’s developed by PortSwigger, a UK-based cybersecurity company. It provides a great combination of tools that allow automated and manual workflows to test, assess, and attack web applications of all shapes and sizes.

Starting Burp is as simple as executing a command in your shell of choice. Burp Suite is written in the Java language and distributed as a single Java Archive (.jar) file. Oracle Java 1.6 or above is currently required for the software to run. If your computer doesn’t have it installed, go to http://java.com, choose the version of Java Runtime Environment (JRE) for your operating system, and follow the installation instructions.

Install

Run the installer and launch Burp Suite. When asked to select a project file and configuration, just click Next and then Start Burp to skip this for now. If you’re using Burp Suite Professional, enter your license key when prompted. If you don’t have one already, you can subscribe or request a free trial. The free version can be downloaded from http://portswigger.net/burp/downloadfree.html.

Starting Burp from the command line

Execute the following in your shell: java -jar /path/to/burpSuite.jar. We are passing a JAR to the Java runtime.

Specifying memory size for Burp

When we start Burp Suite by double-clicking on the .jar file, the Java runtime will allocate the maximum memory available to Burp on its own. The total amount allocated might vary based on the available system RAM. Since Burp Suite will capture hundreds and sometimes thousands of requests and responses of various sizes, it makes sense to allocate memory when we start the program. There is the possibility that Burp Suite might crash if the total memory available is not enough.

We can use command-line flags provided by Java to ensure that Burp has enough, and more, memory to use while running our security assessment:

java -jar -Xmx2048M /path/to/burpsuite.jar

java -jar -Xmx2G /path/to/burpsuite.jar

Both of these commands will allocate 2 GB of RAM to Burp Suite. If you have more system RAM to spare, you can increase it further. There is a small caveat you should know: if you increase the memory allocated to Burp Suite beyond 4 GB, the Java Virtual Machine (JVM) garbage collector (GC) will need to do more work.

CPU cores / memory

  • Minimum: 2x cores, 4GB RAM — This spec is suitable for basic tasks such as proxying web traffic and simple Intruder attacks.
  • Recommended: 2x cores, 16GB RAM — This is a good general-purpose spec.
  • Advanced: 4x cores, 32GB RAM — This spec is suitable for more intensive tasks, such as complex Intruder attacks or large automated scans.

Free disk space

  • Basic installation: 1GB
  • Per project file: 2GB

Operating system and architecture

Burp Suite supports the latest versions of the following operating systems:

  • Windows (Intel 64-bit)
  • Linux (Intel and ARM 64-bit)
  • OS X (Intel 64-bit and Apple M1)

Embedded browser

Burp’s browser has some additional operating system and architecture requirements. It is not compatible with the following:

  • Older versions of Windows, including Windows 7, Windows 8/8.1, Windows Server 2012, and Windows Server 2012 R2.
  • Instances of Burp Suite that run via the JAR file on Apple Silicon and ARM 64-bit based systems. If you want to use Burp’s browser on systems with these chip sets, make sure that you install Burp using the native platform installers.

Ensuring that IPv4 is allowed

Sometimes, Java picks up the IPv6 address on the interface, and Burp is unable to make any connections to websites returning an IPv4 address. This results in a Java error, which is as follows:

java.net.SocketException: Permission denied

The browser also shows a cryptic error, which is as follows:

Burp proxy error: Permission denied: connect

If we ever encounter this error, all we need to do is tell Java that we want to use the IPv4 interface by passing the following parameter to the runtime: java -Xmx2048M -Djava.net.preferIPv4Stack=true -jar /path/to/burpsuite.jar

This flag tells the Java runtime to prefer the IPv4 network stack when running the Burp Suite JAR file. Another option is to set a Java option environment variable. Please note that running the preceding command disables the IPv6 interface.
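The memory and IPv4 flags from the two sections above can be combined in one launcher script. This is an added example, not part of the original article or of Burp Suite: the variable names BURP_JAR and BURP_FORCE_IPV4 are hypothetical, and sizing the heap at half of system RAM is an assumption of this sketch.

```sh
#!/bin/sh
# Added example: launcher for the Burp JAR using the JVM flags discussed above.
# BURP_JAR and BURP_FORCE_IPV4 are hypothetical variable names; the
# "half of system RAM" sizing policy is an assumption of this sketch.

# Total physical RAM in MB: /proc/meminfo on Linux, sysctl on macOS.
total_ram_mb() {
    if [ -r /proc/meminfo ]; then
        awk '/^MemTotal:/ { printf "%d\n", $2 / 1024 }' /proc/meminfo
    else
        echo $(( $(sysctl -n hw.memsize) / 1048576 ))
    fi
}

# Heap size in MB for a machine with $1 MB of RAM: half of RAM, capped at
# 4096 MB because the JVM garbage collector does more work beyond 4 GB.
pick_heap_mb() {
    heap=$(( $1 / 2 ))
    if [ "$heap" -gt 4096 ]; then
        heap=4096
    fi
    echo "$heap"
}

# JVM options for $1 MB of RAM; $2 = 1 adds the IPv4-only flag.
jvm_opts() {
    opts="-Xmx$(pick_heap_mb "$1")M"
    if [ "${2:-0}" = 1 ]; then
        opts="$opts -Djava.net.preferIPv4Stack=true"
    fi
    echo "$opts"
}

# Launch only when BURP_JAR is set, so the functions can be sourced and tested.
if [ -n "${BURP_JAR:-}" ]; then
    command -v java >/dev/null 2>&1 || { echo "java not found in PATH" >&2; exit 1; }
    [ -f "$BURP_JAR" ] || { echo "no such file: $BURP_JAR" >&2; exit 1; }
    # Word splitting of the option string is intentional here.
    # shellcheck disable=SC2046
    exec java $(jvm_opts "$(total_ram_mb)" "${BURP_FORCE_IPV4:-0}") -jar "$BURP_JAR"
fi
```

Set BURP_FORCE_IPV4=1 only after seeing the SocketException shown above, since the flag disables IPv6 for that Burp session.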

Working with other JVMs

The official Burp documentation doesn’t say that Burp won’t work with JVMs other than the official Oracle Java. There was a time when running Burp Suite with OpenJDK would produce a warning at startup. But now, it runs perfectly without any warnings in Kali with OpenJDK.
