Downloading Burp Suite (Community and Professional editions)

The first step in learning the techniques contained within this book is to download the Burp Suite application. The download page is available here: https://portswigger.net/burp/. You will need to decide which edition of Burp Suite you would like to download from the following:

• Professional
• Community
• Enterprise (not covered): This product is designed for large companies to run Burp Scanner across thousands of targets
• Dastardly (not covered): This edition only provides Burp Scanner capabilities and is specifically designed to integrate with Jenkins and other CI tools as jobs within a DevOps pipeline

What is now termed Community was once labeled Free Edition. You may see both referenced on the internet, but they are the same. At the time of writing, the Professional edition costs $449.

To help you make your decision, let’s compare the two. The Community version offers many of the functions used in this book, but not all. For example, the Community version does not include any scanning functionality. In addition, the Community version contains some forced throttling of threads when using the Burp Suite Intruder functionality. There are no built-in payloads in the Community version, though you can load custom ones. And, finally, several Burp Suite extensions that require the Professional edition will, obviously, not work in the Community edition.

The Professional version has all the functionality enabled, including passive and active scanners. There is no forced throttling. PortSwigger (that is, the name of the company that writes and maintains Burp Suite) provides several built-in payloads for fuzzing and brute-forcing. Burp Suite extensions that use scanner-related API calls work in the Professional version as well.

In this book, we will be using the Professional version, which provides access to an extensive array of functionality compared to the Community edition. However, when a feature is used in this book that’s specific to the Professional edition, a special icon will indicate this:

Figure 1.1 – Burp Suite Professional icon

Getting ready

To begin our adventure together, go to https://portswigger.net/burp and download the edition of Burp Suite you wish to use. The page provides a slider, as shown here, which highlights the features of Professional and Community, allowing you to compare them:

Figure 1.2 – Burp Suite Professional versus Community features

You may wish to choose the Community edition to gain familiarity with the product before purchasing the Professional version.

Should you choose to purchase or use the trial version of the Professional edition, you will need to complete forms or payments and subsequent email confirmations will be sent to you. Once your account is created, you may log in and perform the download from the links provided in our account.

Software tool requirements

To complete this recipe, you will need the following:

• Oracle Java (https://www.oracle.com/java/technologies/downloads/)
• Burp Proxy Community or Professional (https://portswigger.net/burp/)
• Mozilla Firefox browser (https://www.mozilla.org/en-US/firefox/new/)

How to do it...

After deciding on the edition you need, you have two installation options, including an executable or a plain JAR file. The executable is only available in Windows and is offered in both 32-bit and 64-bit versions. The plain JAR file is available for Windows, macOS, and Linux. You can find all the available download options here: https://portswigger.net/burp/releases/professional-community-2023-4-5?requestededition=community&requestedplatform=.

The Windows executable is self-contained and will create icons in your program listing. However, the plain JAR file requires your platform to have Java (https://www.oracle.com/java/technologies/downloads/) pre-installed. You may choose the current version of Java (JRE or JDK), so feel free to choose the latest version:

Figure 1.3 – PortSwigger’s Downloads page