Download and install the latest Java version.
At the bottom of the "Community Edition" column, click "Download now", as shown below.
A "burpsuite_free_v1.7.03.jar" file downloads (you may have a more recent version). Double-click it to launch it.
In the first screen, accept the default selection of "Temporary project" and click Next. Click "Start Burp".
Burp opens, as shown below.
In Burp, click the Proxy tab. Click the Intercept button. If the button label reads "Intercept is on", click it to make it show "Intercept is off", as shown below.
To use Burp, you need to adjust the proxy settings on a browser on your computer. I recommend using Firefox for this purpose, so the other browsers like Chrome remain available for normal Internet use.
If you don't have Firefox, go here and get it:
Once Firefox is installed and running, in the upper right corner, click the icon with three horizontal bars, as shown below.
Click the gear-shaped icon. If you are using a PC, it's labelled Options. If you are using a Mac, it's labelled Preferences.
On the left side, click Advanced.
On the Network tab, click the Settings button.
Click the "Manual proxy configuration" button and enter an HTTP Proxy address of 127.0.0.1 and a Port of 8080
Also check the "Use this proxy server for all protocols" box, as shown below.
Click OK.
If you are using a PC, click OK again.
In the search bar, type your name. Then press Enter.
Don't use the literal text "YOUR NAME", use your own name.
In Burp, click the Proxy tab. Click the "HTTP history" sub-tab.
Find the request to dogpile.com containing your name, as shown below.
On your keyboard, press the PrntScrn key.
Click Start, type in PAINT, and open Paint.
Press Ctrl+V to paste in the image of your desktop.
YOU MUST SUBMIT WHOLE-DESKTOP IMAGES TO GET FULL CREDIT.
Save the image with a filename of "Proj 3a from YOUR NAME".
A certificate warning appears, as shown below.
Click Advanced, "Add exception", and "Confirm security exception".
Those warnings are telling you that your connection is being intercepted by a third-party (burp) which is pretending to be samsclass.info.
If the warning does not appear, that means a previous student has already confirmed the exception on that machine.
In the Cookie Login Page, enter a name of admin and a password of password, as shown below.
In Burp, click the "Intercept is off" button. The label changes to "Intercept is on", as shown below.
In Firefox, in the Cookie Login Page, click the "Log In" button. Burp shows the Web request, as shown below.
Notice that the name and password are readable in this request, even though they are encrypted.
That's because Burp is performing a man-in-the-middle attack, acting as a Certificate Authority, delivering a fake public key instead of the genuine samsclass.info key.
Your browser warned you about this problem, but when you added the security exception you told it to proceed anyway.
You see a "Welcome" page, as shown below.
Click "Click here to log in".
Find the redacted portion of the request, covered with a gray box in the image above.
Use the form below to put your name on the WINNERS PAGE.
Click the gear-shaped icon.
In the Options box, at the upper right, click Advanced.
Click the Network tab.
Click the Settings button.
Click the "No proxy" button, as shown below.
Click OK.
If you are using a PC, click OK again.