Project 8: Intro to Burp (15 pts.)

What You Need

Purpose

You will configure the Burp proxy and learn a few of its basic features.

Installing Java

In a Web browser, go to http://www.java.com/en/

Download and install the latest Java version.

Downloading Burp

In a Web browser, go to http://portswigger.net/burp/download.html

At the bottom of the "Free Edition" column, click "Download now".

A "burpsuite_free_v1.6.jar" file downloads. Double-click it to launch it.

Burp opens, as shown below.

In Burp, click the Proxy tab. Click the Intercept button. Make sure the button label reads "Intercept is off", as shown below.

Adjusting Firefox to Use a Proxy Server

Burp acts as a proxy server, capturing Web traffic between a browser on your computer and the Internet.

To use Burp, you need to adjust the proxy settings in a browser on your computer. I recommend using Firefox for this purpose, so that other browsers, like Chrome, remain available for normal Internet use.

If you don't have Firefox, go here and get it:

http://getfirefox.com

Once Firefox is installed and running, in the upper right corner, click the icon with three horizontal bars, as shown below.

Click the gear-shaped icon. If you are using a PC, it's labelled Options. If you are using a Mac, it's labelled Preferences.

On the left side, click Advanced.

On the Network tab, click the Settings button.

Click the "Manual proxy configuration" button and enter an HTTP Proxy address of 127.0.0.1 and a Port of 8080

Also check the "Use this proxy server for all protocols" box, as shown below.

Click OK.

If you are using a PC, click OK again.

Intercepting a Plaintext Search

In Firefox, go to bing.com

In the Bing search bar, type your name, as shown below.

Don't use the literal text "YOUR NAME"; use your own name.

In Burp, click the "Intercept is off" button. The label changes to "Intercept is on", as shown below.

In Firefox, in the Bing page, press Enter. Burp shows the Web request, as shown below.

In Burp, click the Forward button twice. This allows the first two requests to go through to the Internet.

A third request appears, with your name in the GET request, as shown below.

Saving the Screen Image

Make sure you can see YOUR NAME in the intercepted URL.

On your keyboard, press the PrntScrn key.

Click Start, type in PAINT, and open Paint.

Press Ctrl+V to paste in the image of your desktop.

YOU MUST SUBMIT WHOLE-DESKTOP IMAGES TO GET FULL CREDIT.

Save the image with a filename of "Proj 8a from YOUR NAME".

Allowing the Search to Finish

In Burp, click the "Intercept is on" button. The label changes to "Intercept is off". This allows the traffic through so the Bing search can finish.

Intercepting an Encrypted Login

In Firefox, go to https://games.samsclass.info/cookielogin/

If a certificate warning appears, as shown below, click "I understand the risks", "Add exception", and "Confirm security exception".

Those warnings are telling you that your connection is being intercepted by a third party (Burp) that is pretending to be samsclass.info.

If the warning does not appear, that means a previous student has already confirmed the exception on that machine.

In the Cookie Login Page, type your name, as shown below.

Don't use the literal text "YOUR NAME"; use your own name.

Enter a password of password

In Burp, click the "Intercept is off" button. The label changes to "Intercept is on", as shown below.

In Firefox, in the Cookie Login Page, click the "Submit Query" button. Burp shows the Web request, as shown below.

Notice that your name appears in readable form in this request, even though the connection to the site is encrypted with HTTPS.

That's because Burp is performing a man-in-the-middle attack: it acts as a Certificate Authority and delivers a fake public key instead of the genuine samsclass.info key.

Your browser warned you about this problem, but when you added the security exception you told it to proceed anyway.
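
The request text Burp displays in both interceptions above is ordinary HTTP, so it can be parsed to list exactly which fields the proxy can read. The Python code below is an added example, not part of the original project; the two sample requests, their parameter names, and the SENSITIVE list are constructed for illustration and will differ from what Bing and the Cookie Login Page actually send.

```python
from urllib.parse import parse_qsl, urlsplit

# Parameter names treated as credential-like (an assumption for this example).
SENSITIVE = {"user", "username", "login", "pass", "password", "pw", "token"}

# Constructed sample requests in the form an intercepting proxy displays them.
# Hosts are the ones used in this project; paths, parameters and values are made up.
SEARCH_REQUEST = (
    "GET /search?q=Alice+Example&form=QBLH HTTP/1.1\r\n"
    "Host: www.bing.com\r\n"
    "\r\n"
)
LOGIN_REQUEST = (
    "POST /cookielogin/ HTTP/1.1\r\n"
    "Host: games.samsclass.info\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    "Content-Length: 40\r\n"
    "\r\n"
    "username=Alice+Example&password=password"
)


def parse_request(raw):
    """Split a raw HTTP/1.1 request into method, host and decoded parameters."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    # Parameters in the URL are decoded first, then any form-encoded body.
    params = [("url", k, v) for k, v in parse_qsl(urlsplit(target).query, keep_blank_values=True)]
    if headers.get("content-type", "").startswith("application/x-www-form-urlencoded"):
        params += [("body", k, v) for k, v in parse_qsl(body, keep_blank_values=True)]
    return {"method": method, "host": headers.get("host", ""), "params": params}


def exposed_fields(raw):
    """Return (location, name, value) for every credential-like parameter."""
    return [p for p in parse_request(raw)["params"] if p[1].lower() in SENSITIVE]


if __name__ == "__main__":
    for raw in (SEARCH_REQUEST, LOGIN_REQUEST):
        print(parse_request(raw)["host"], exposed_fields(raw))
```

Once the browser has accepted the proxy's certificate, the HTTPS login request is just as readable to the proxy as the plaintext search request.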

Saving the Screen Image

Make sure you can see YOUR NAME in the intercepted URL.

On your keyboard, press the PrntScrn key.

Click Start, type in PAINT, and open Paint.

Press Ctrl+V to paste in the image of your desktop.

YOU MUST SUBMIT WHOLE-DESKTOP IMAGES TO GET FULL CREDIT.

Save the image with a filename of "Proj 8b from YOUR NAME".

Allowing the Login to Finish

In Burp, click the "Intercept is on" button. The label changes to "Intercept is off". This allows the login to complete.

Your username and password are rejected. That's OK.

Using Burp Site Map

The Site Map shows all the subdomains, folders, and pages linked to by a Web page. This is very helpful for penetration testers and security auditors, so they can find all the potential security problems in a Web site.

In Burp, click the Target tab.

In the lower set of tabs, click the Scope tab.

In the "Include in scope" section, click the Add button.

In the "Add URL to include in scope" box, in the "Host or IP range" field, enter samsclass.info as shown below.

Click OK.

In Burp, click the "Site map" tab.

In Firefox, go to https://samsclass.info

If Firefox shows a message saying "This Connection is Untrusted", click "I Understand the Risks", click "Add Exception...", and click "Confirm Security Exception".

Burp shows the domain name samsclass.info, as shown below.

Expand the https://samsclass.info section, as shown above. All the files and folders are visible, making it easy to hunt for interesting items and security vulnerabilities.

Saving the Screen Image

Make sure you can see samsclass.info in the Site map.

On your keyboard, press the PrntScrn key.

Click Start, type in PAINT, and open Paint.

Press Ctrl+V to paste in the image of your desktop.

YOU MUST SUBMIT WHOLE-DESKTOP IMAGES TO GET FULL CREDIT.

Save the image with a filename of "Proj 8c from YOUR NAME".

Returning Firefox to Normal

In Firefox, in the upper right corner, click the icon with three horizontal bars.

Click the gear-shaped icon.

In the Options box, at the upper right, click Advanced.

Click the Network tab.

Click the Settings button.

Click the "No proxy" button, as shown below.

Click OK.

If you are using a PC, click OK again.

Turning in Your Project

Email the images to: cnit.120@gmail.com with a subject line of Proj 8 From Your Name, replacing Your Name with your own first and last name. Send a Cc to yourself.

Sources

http://resources.infosecinstitute.com/burpsuite-tutorial/


Last Modified: 9-3-15