Lab Instructions

Burp Suite: Web Proxy

Follow these written lab steps in order. Run one command at a time and verify output before moving on.

Lab objective

Module 3: Burp Suite Web Proxy. Intercept HTTPS by installing Burp's CA certificate so you can inspect and modify HTTPS traffic in your lab. Use only on authorized targets.

Command

N/A

Expected result: Burp is configured and you can intercept and decrypt HTTPS traffic (with cert install).

Step 1 - Install and configure Burp

Install Burp Suite (Community or Pro). Set your browser proxy to 127.0.0.1:8080 (or Burp's listening port). Visit an HTTPS site—you will see a certificate warning until you install Burp's CA cert.

Command

Launch Burp → Proxy → Options → ensure the proxy listener is running on 8080.

Expected result: Browser traffic is proxied through Burp; HTTPS sites show cert warnings.

Step 2 - Install Burp CA certificate

In Burp: Proxy → Options → Import / export CA certificate → Export → Certificate in DER format. Save the .der file. In your browser or OS: import the certificate as a trusted root CA (e.g. Chrome Settings → Privacy and security → Security → Manage certificates → Import). Restart the browser if needed.

Command

Burp: Export CA cert → Browser/OS: Import as trusted root CA.

Expected result: HTTPS sites load without warning when proxied; you can inspect decrypted requests/responses in Burp.

Step 3 - Intercept HTTPS and reflect

Turn Intercept on in Burp. In the browser, submit a form or load an HTTPS page. In Burp, inspect the decrypted request (headers, body). Optionally modify a parameter and forward it. Reflect: why is installing the CA cert required to intercept HTTPS, and why should it be used only in authorized testing?

Command

Burp: Intercept on → browse HTTPS site → inspect/edit request in Burp.

Expected result: You see plaintext HTTPS requests and responses in Burp and can explain the role of the CA cert.
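
Added example (not part of the original lab, and not Burp's own code) for the Step 3 reflection: it shows with the openssl CLI why a certificate signed by a proxy's CA fails validation until that CA is a trusted root, and how to fingerprint a DER export like the one from Step 2. The CA, the host name lab.example.test and the function names are constructed for illustration; an installed openssl is assumed.

```shell
#!/bin/sh
# Added example. The CA below is a constructed stand-in for the CA exported from
# Burp; nothing here touches Burp or the system trust store.

# make_lab_pki DIR HOST: throwaway CA plus a leaf certificate for HOST,
# the way an intercepting proxy mints one certificate per site visited.
make_lab_pki() {
  pki_dir=$1; pki_host=$2
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=Constructed Lab Proxy CA" \
    -keyout "$pki_dir/ca.key" -out "$pki_dir/ca.pem" 2>/dev/null || return 1
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$pki_host" \
    -keyout "$pki_dir/leaf.key" -out "$pki_dir/leaf.csr" 2>/dev/null || return 1
  openssl x509 -req -in "$pki_dir/leaf.csr" -days 1 \
    -CA "$pki_dir/ca.pem" -CAkey "$pki_dir/ca.key" -CAcreateserial \
    -out "$pki_dir/leaf.pem" 2>/dev/null || return 1
}

# trusted_by LEAF [CAFILE]: exit 0 only if LEAF chains to a trusted root.
# Without CAFILE only the default trust store is consulted.
trusted_by() {
  if [ -n "$2" ]; then
    openssl verify -CAfile "$2" "$1" >/dev/null 2>&1
  else
    openssl verify "$1" >/dev/null 2>&1
  fi
}

# der_fingerprint FILE: SHA-256 fingerprint of a DER certificate (the format
# Step 2 exports), for finding and removing that root after the lab.
der_fingerprint() {
  openssl x509 -inform der -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

demo() {
  d=$(mktemp -d) || return 1
  make_lab_pki "$d" lab.example.test || return 1
  openssl x509 -in "$d/ca.pem" -outform der -out "$d/ca.der"
  trusted_by "$d/leaf.pem" && echo "before import: trusted" || echo "before import: certificate warning"
  trusted_by "$d/leaf.pem" "$d/ca.pem" && echo "after import: trusted" || echo "after import: certificate warning"
  echo "CA SHA-256: $(der_fingerprint "$d/ca.der")"
  rm -rf "$d"
}
demo
```

Because any certificate signed by an imported root is accepted, note the fingerprint of the CA you import and remove that root from the browser or OS store when the lab is finished.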