Starting Burp using commandline

java -jar /path/burpsuite.jar

  • Here we are passing .jar to java runtime

Specifying Memory size for Burp

By default, java runtime allocates maximum memory to Burp based on the availability of the RAM. But Burp may capture hundreds or thousands of request based on the type of project being tested which may exceed the memory allocated by the java runtime and it will then crash Burp and we might lose our valuable work being done. So thats why we need to mannually allocate memory to Burp.

java -jar -Xmx1024M /path/burpsuite.jar


* Java has a couple of settings that help control how much memory it uses
    -Xmx sets the maximum memory heap size
    -Xms sets the minimum memory heap size.
* 1024M means 1gb size which is *explicitly allocated
* And then the jar file


If we increase Memory size allocted to Burp more than 4gb, the java Virtual Machine garbage Collector will have to work more and this affects the performance of Java based Applications

Common Java Errors in Burp

Sometimes, by default java socket picks up IPV6 address on the interface and hence Burp is not able to make any request to the website with IPv4. Most common java errors are: denied

Sometime we get a Cryptic error

Burp proxy error :Permission denied :connect

In order to overcome this error, we simply need to tell java that we want to use IPv4 address : java -Xmx1024M -jar /path/burpsuite.jar

This command will set IPv4 stack to be used by Java socket to run Burp.

Configuring Mozilla Firefox to proxy through Burp Suite

With Mozilla Firefox we can ensure that only browser generated traffic is sent to Burp Suite.

Steps to follow

  • Start Mozzila Firefox

  • Click on 3 bars on the right hand side

3 bars

  • Go to preferences and then go to advanced tab


  • Find Network tab, and go to mannual Proxy Configuration. Put the following values as in the image.


  • Click Ok and all you are ready to go

Setting fine grainer Proxy configuration

Instead to doing again and again proxy configuration in browser, we can simply use some of the tools or say addons which can be installed in mozilla firefox. Some well known tools are Foxy Proxy, Switch Proxy. Foxy Proxy standard is a mozilla firefox addon to get controll over Proxy configuration. Just simply install proxy switch and Foxy Proxy standard addons in browser.

Configuring Foxy Proxy

Just like our browser setting we can define Proxy setting in Foxy Proxy.

Learning Url Patterns :

Before knowing about URL pattern we should know about wildcards. If you type /Members/David.aspx into your browser, the Members -> Profile page opens. The system converts the wildcard part of the URL (David) into a query string parameter, so that the internal URL actually looks like /Members/Profile.aspx?username=David. The name of the parameter is taken from the name of the wildcard, and the value is the matching part of the entered URL. The User public profile web part which is placed on the page recognizes the username parameter in the rewritten URL and displays David's profile.

Setting Url Pattern as white Patterns

Suppose I want to intercept everything related to yahoo, its all domain and subdomain and want that nothing else should be intercepted. So I will simply create a new proxy and will define some pattern for it . Here , Example 1: URL Pattern : '* Pattern Now I will be able to intercept everything related to yahoo, its subdomains like

But if I try to intercept, '' into Burp, it will not capture the request just because of the pattern.

Example 2: URL Pattern : '* I want to intercept all the subdomains of mail in but dont want to intercept or any other sub domain. Pattern

Setting URL Pattern as Black Patterns

Black URL pattern basically refers to not intercepting something very specific like consider a scenerio where I have to intercept every thing except, so in this case I ll simply whitelist every domain or say target as whitelist pattern and black list

Example 1: White Url Pattern : * Black URL Pattern : * Pattern Now Burp will not intercept anything related to yahoo, its subdomains like But it will intercept every other domain available over internet.

Example 2: Now suppose if I want to intercept yahoo but dont want to intercept So I will simply blacklist Just focus below White Url Pattern : '* Black URL Pattern : '* Pattern

*Explicitly - Defined by user

results matching ""

    No results matching ""