Burpsuit2021 series environment configuration and crack installation

Posted by SueHubert on Fri, 14 Jan 2022 03:20:25 +0100

preface

The video version of this article is available at station B: https://www.bilibili.com/video/BV1aq4y1X7oE?p=2

Burp Suite is an integrated penetration testing tool, which integrates a variety of penetration testing components, enabling us to better complete penetration testing and attacks on web applications automatically or manually. In penetration testing, our use of Burp Suite will make testing easier and more convenient. Even without skilled skills, only we are familiar with the use of Burp Suite, which will also make penetration testing easier and efficient.

Burp Suite is written in Java language, and Java's cross platform makes the learning and use of software more convenient. Unlike other automated testing tools, Burp Suite requires you to manually configure some parameters and trigger some automated processes before it starts to work.

The Burp Suite executable is a jar file of java file type. The free version can be downloaded from Free download address Download. The free version of Burp Suite has many restrictions and many advanced tools cannot be used. If you want to use more advanced functions, you need to pay for the professional version. The main differences between the professional version and the free version are

Burp Scanner
Save and restore workspace
Outreach tools such as Target Analyzer, Content Discovery and Task Scheduler
This chapter mainly describes the basic configuration of Burp Suite, including the following contents:

How to launch Burp Suite from the command line
How to set JVM memory size
IPv6 problem debugging

Environment configuration

jdk-11 http://jdk.java.net/archive/

After downloading and decompressing to the directory you want, add the bin directory as the path to the system environment variable.

The results are as follows

Burpsuite program download

Remember to select the jar file.

How to start Burpsuite

If the Java runnable environment is configured correctly, when you double-click burpsuite_pro_v2021.7.jar to start the software. At this time, Burp Suite will automatically allocate the maximum available memory. The specific amount of memory actually allocated is generally 64M by default. In the penetration test process, if thousands of requests pass through Burp Suite, Burp Suite may crash due to insufficient memory, thus losing relevant data in the penetration test process, which we don't want to see. Therefore, when we start Burp Suite, we usually specify the memory size it uses. Generally speaking, we usually allocate 2G of memory for Burp Suite. If your computer has enough memory, you can allocate 4G; If your computer memory is small enough, you can also allocate 128M. When you allocate enough memory to Burp Suite, it can do more work. The specific configuration method to specify the memory size occupied by Burp Suite is to add the following command line parameters in the startup script: assume that the name of the startup script is burp_suite_start.bat, the contents of the bat script are

java -jar -Xmx2048M  /your_burpsuite_path/burpsuite.jar

The parameter - Xmx specifies the maximum memory available to the JVM. The unit can be either M or g. if G is the unit, the script content is:

java -jar -Xmx2G  /your_burpsuite_path/burpsuite.jar

For more information on JVM performance tuning, read Oracle JVM Tuning

But in fact, we don't usually use this.

Second startup method

This is the general starting method
Save the command as a file with the name CMD bat

java -jar burpsuite_pro_v2021.7.jar

Double click to start

The third startup method - no interface

Save it as CMB vbs

DIM objShell
DIM command
set objShell=wscript.createObject("wscript.shell")
command="java  -jar burpsuite_pro_v2021.7.jar"
iReturn=objShell.Run(command, 0, TRUE)

The fourth way to start - more handsome

using System;
using System.Diagnostics;
using System.IO;
//csc.exe /target:winexe /out:c:\users\dark5\desktop\Bp.exe /win32icon:C:\Users\dArk5\Pictures\IconGroup1001.ico  C:\Users\dArk5\Desktop\1.cs
//https://images-dark5.oss-cn-hongkong.aliyuncs.com/archives/bp.ico
namespace burpsuite_pro_v2021._7
{
    static class Program
    {
        /// <summary>
        ///The main entry point for the application.
        /// </summary>
        [STAThread]
        static void Main()
        {
            string startbp_seconde = "java -javaagent:BurpLoaderKeygen.jar -noverify -jar burpsuite_pro_v2021.7.jar";
            if (File.Exists("config.cfg"))
            {
                Exec(startbp_seconde);
            }
            else
            {
                string first = "java -jar BurpLoaderKeygen.jar";
                Exec(first);
            }
        }

        static void Exec(string cmd)
        {
            Process p = new Process();
            //Set the application to launch
            p.StartInfo.FileName = "cmd.exe";
            //Whether to start using the operating system shell
            p.StartInfo.UseShellExecute = false;
            // Accepts input from the caller
            p.StartInfo.RedirectStandardInput = true;
            //Output information
            p.StartInfo.RedirectStandardOutput = true;
            // Output error
            p.StartInfo.RedirectStandardError = true;
            //Do not display program window
            p.StartInfo.CreateNoWindow = true;
            //Start program
            p.Start();
            //Send input information to cmd window
            p.StandardInput.WriteLine(cmd+ "&exit");
            p.StandardInput.AutoFlush = true;
            //Get output information
            string strOuput = p.StandardOutput.ReadToEnd();
            //Wait for the program to finish executing and exit the process
            //p.WaitForExit();
            p.Close();
        }
    }
}

Burst suite cracking startup

There are restrictions on normal startup, and great God has made registration machines in China.
Activation file (registered machine):
https://github.com/h3110w0r1d-y/BurpLoaderKeygen/releases

Therefore, each startup in the future is started through the registration machine, that is, the command is changed to:

java -javaagent:BurpLoaderKeygen.jar -noverify -jar burpsuite_pro_v2021.7.jar

Then, the commands of the above startup methods are all changed to this.

IPv6 problem debugging

Burp Suite does not support IPv6 address for data communication. In this case, the following exception will be thrown in the cmd console

java.net.SocketException: Permission denied

At the same time, exceptions will occur when accessing the browser

Burp proxy error: Permission denied: connect

When the above problems occur, we need to modify the startup script, add the IPv4 specification, and restart Burp Suite.

java -jar -Xmx2048M  -Djava.net.preferIPv4Stack=true  /your_burpsuite_path/burpsuite.jar

Via - DJava net. The setting of the preferipv4stack = true parameter tells the Java running environment that the IPv6 protocol will be prohibited if the IPv4 protocol stack is used for data communication. This error is most common on 64 bit windows operating system, using 32-bit JDK

If you want to communicate with your peers

Topics: Cyber Security penetration test Web Security