Setup Burp Suite Pro 2.1 on MacOSX

Hi, while setting up Burp Suite on MacOSx I faced a lot of issues, so I thought of writing a blog post as I myself couldn't find one :P

Follow these steps if you are using MacOSX High Sierra or above. Might work on lower versions as well (Not really sure though).

Setting Up Java8 and Homebrew

  1. Install homebrew
    Open a terminal and run the command:
    ruby -e “$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)”
  2. Tap homebrew/cask-versions
    Run the command:
    brew tap homebrew/cask-versions
    “Tap” extends brew’s list of available repositories it can install, above and beyond brew’s default list of the available repositories. (For older versions try: brew tap caskroom/versions)
  3. Run the command given below to install java8:
    brew cask install adoptopenjdk8
  4. Check if java8 is successfully installed or not
    Run the command:
    /usr/libexec/java_home -verbose
Adopt Open JDK 8 is successfully installed

Configuring and downloading Burp Suite Pro 2.1

  • Download all the necessary burp related files from here.
  • Navigate to the downloaded folder and open 2 terminal windows.
    Run the following commands:
  • Window1:
    /Library/Java/JavaVirtualMachines/adoptopenjdk-8.jdk/Contents/Home/jre/bin/java -jar burp-loader-keygen-2_1_07.jar
Output from window1
  • Window2:
    /Library/Java/JavaVirtualMachines/adoptopenjdk-8.jdk/Contents/Home/jre/bin/java -noverify -Xbootclasspath/p:burp-loader-keygen-2_1_07.jar -jar burp2.1/burpsuite_pro_v2.1.07.jar
  • Copy the License from window1 to window2's license key section, click Next>Setup manually.
  • Paste the activation request from window2 to window1 and then copy the response from Window1 to Window2. (I had already done this step so I can’t take an SS anymore).
Burp Suite is installed successfully.

Create a Bash Alias

  • If you are missing a .bash_profile, just add the file in root directory via touch .bash_profile
  • Open .zshrc (if you are using ZSH) file or .bash_profile.
    nano .zshrc
  • Add the command given below: (do replace path_to_burp with the actual downloaded file path)
burp2.1()
{
/Library/Java/JavaVirtualMachines/adoptopenjdk-8.jdk/Contents/Home/jre/bin/java -noverify -Xbootclasspath/p:path_to_burp/burp2.1/burp-loader-keygen-2_1_07.jar -jar path_to_burp/burp2.1/burpsuite_pro_v2.1.07.jar
}
  • Run source ~/.bash_profile or source ~/.zshrc
  • Now you can type burp2.1 in terminal to open Burp Suite directly.

Setup Foxy Proxy and Certificate

  • Download foxy-proxy.
  • Click on edit and add as represented in the screenshot.
Setting up proxy
  • Install the burp suite certificate to intercept HTTPS traffic. Simply, follow the steps given by Portswigger

BurpSuite 2.1 is installed with an alias, foxy proxy to toggle proxy and CA cert to intercept HTTPS traffic successfully

Goodluck finding bugs!

Offensive Cyber Security:)