Hi, while setting up Burp Suite on MacOSx I faced a lot of issues, so I thought of writing a blog post as I myself couldn't find one :P
Follow these steps if you are using MacOSX High Sierra or above. Might work on lower versions as well (Not really sure though).
Setting Up Java8 and Homebrew
- Install homebrew
Open a terminal and run the command:
ruby -e “$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)”
- Tap homebrew/cask-versions
Run the command:
brew tap homebrew/cask-versions
“Tap” extends brew’s list of available repositories it can install, above and beyond brew’s default list of the available repositories. (For older versions try:
brew tap caskroom/versions)
- Run the command given below to install java8:
brew cask install adoptopenjdk8
- Check if java8 is successfully installed or not
Run the command:
Configuring and downloading Burp Suite Pro 2.1
- Download all the necessary burp related files from here.
- Navigate to the downloaded folder and open 2 terminal windows.
Run the following commands:
/Library/Java/JavaVirtualMachines/adoptopenjdk-8.jdk/Contents/Home/jre/bin/java -jar burp-loader-keygen-2_1_07.jar
/Library/Java/JavaVirtualMachines/adoptopenjdk-8.jdk/Contents/Home/jre/bin/java -noverify -Xbootclasspath/p:burp-loader-keygen-2_1_07.jar -jar burp2.1/burpsuite_pro_v2.1.07.jar
- Copy the License from window1 to window2's license key section, click Next>Setup manually.
- Paste the activation request from window2 to window1 and then copy the response from Window1 to Window2. (I had already done this step so I can’t take an SS anymore).
Create a Bash Alias
- If you are missing a .bash_profile, just add the file in root directory via
- Open .zshrc (if you are using ZSH) file or .bash_profile.
- Add the command given below: (do replace path_to_burp with the actual downloaded file path)
/Library/Java/JavaVirtualMachines/adoptopenjdk-8.jdk/Contents/Home/jre/bin/java -noverify -Xbootclasspath/p:path_to_burp/burp2.1/burp-loader-keygen-2_1_07.jar -jar path_to_burp/burp2.1/burpsuite_pro_v2.1.07.jar
- Now you can type
burp2.1in terminal to open Burp Suite directly.
Setup Foxy Proxy and Certificate
- Download foxy-proxy.
- Click on edit and add as represented in the screenshot.
- Install the burp suite certificate to intercept HTTPS traffic. Simply, follow the steps given by Portswigger
BurpSuite 2.1 is installed with an alias, foxy proxy to toggle proxy and CA cert to intercept HTTPS traffic successfully
Goodluck finding bugs!