LinuxCommandLibrary

burpsuite

Web application security testing and vulnerability analysis

TLDR

Start Burp Suite

$ burpsuite

Start Burp Suite using the default configuration
$ burpsuite --use-defaults

Open a specific project file
$ burpsuite --project-file=[path/to/file]

Load a specific configuration file
$ burpsuite --config-file=[path/to/file]

Start without extensions
$ burpsuite --disable-extensions

SYNOPSIS

burpsuite [profile] [--help | --version | --edition]

PARAMETERS

--help, -h
    Display usage help and exit

--version, -v
    Print Burp Suite version information

--edition, -e
    Show edition (Community or Professional)

profile
    Load specified saved profile or project

--project-file=
    Load a specific Burp project file

--config-file=
    Load configuration from file

DESCRIPTION

Burp Suite is a comprehensive toolkit for web vulnerability assessment and penetration testing. Developed by PortSwigger, it integrates powerful features like an intercepting proxy, web crawler (Spider), automated scanner, intruder for fuzzing, repeater for request manipulation, and more. The Community Edition is free and available via Kali Linux repositories, while Professional offers advanced scanning capabilities.

On Linux, the burpsuite command launches the Java-based GUI application. It's widely used by security professionals to identify issues like SQL injection, XSS, and CSRF in web apps. Users can configure it as a proxy to intercept and modify HTTP/S traffic, extend functionality with BApp Store extensions, and save/load projects for collaborative testing.

Ideal for bug bounty hunters and pentesters, it supports headless mode for automation but primarily excels in interactive analysis. It requires Java 11+ and significant RAM for large scans.

CAVEATS

Requires Java 11+ to be installed. The tool is GUI-focused and resource-heavy on large sites. Community Edition lacks active scanning. Use caution before intercepting production traffic.

INSTALLATION

On Kali/Debian: sudo apt install burpsuite. The standalone JAR is started with java -jar burpsuite_community.jar.

BASIC USAGE

Run burpsuite, configure the browser proxy to 127.0.0.1:8080, and install the CA certificate for HTTPS interception.
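
Before passing a file to --config-file, it is worth confirming that its proxy listeners stay on the loopback address used above. The script below is an added example, not part of the original page or PortSwigger's code; the JSON key names (proxy.request_listeners, listen_mode, listen_specific_address, listener_port, running) are assumed from Burp's exported project options and should be confirmed against a file exported from your own installation.

```python
import json

# Constructed sample of a Burp project-options file (not taken from the page).
# Key names are an assumption based on Burp's exported JSON options format.
SAMPLE_CONFIG = """
{
  "proxy": {
    "request_listeners": [
      {"listen_mode": "loopback_only", "listener_port": 8080, "running": true},
      {"listen_mode": "all_interfaces", "listener_port": 8081, "running": true},
      {"listen_mode": "specific_address", "listen_specific_address": "10.0.0.5",
       "listener_port": 8082, "running": false}
    ]
  }
}
"""

LOOPBACK_ADDRESSES = {"127.0.0.1", "::1", "localhost"}


def exposed_listeners(config_text):
    """Return (port, reason) for each active listener not bound to loopback."""
    config = json.loads(config_text)
    listeners = config.get("proxy", {}).get("request_listeners", [])
    findings = []
    for entry in listeners:
        # Only an explicit "running": false is trusted; a missing key is audited.
        if entry.get("running") is False:
            continue
        mode = entry.get("listen_mode")
        port = entry.get("listener_port")
        if mode == "loopback_only":
            continue
        if mode == "specific_address":
            address = entry.get("listen_specific_address", "")
            if address in LOOPBACK_ADDRESSES:
                continue
            findings.append((port, f"bound to {address or 'unknown address'}"))
        else:
            # all_interfaces, or a missing/unrecognised mode: treat as exposed
            findings.append((port, f"listen_mode={mode!r}"))
    return findings


if __name__ == "__main__":
    for port, reason in exposed_listeners(SAMPLE_CONFIG):
        print(f"listener on port {port} is reachable off-host: {reason}")
```
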

HISTORY

Created by Dafydd Stuttard in 2003 as a simple proxy; evolved into a full suite by PortSwigger Web Security. Community Edition was released in 2008 and integrated into Kali Linux around 2013. Regular updates add AI-driven scanning and cloud support.

SEE ALSO

wireshark(1), nikto(1), sqlmap(1), zaproxy(1)
