Page 48 - Hands-On Bug Hunting for Penetration Testers

P. 48

Preparing for an Engagement Chapter 3

Burp Suite requires a JRE (version 1.6 or greater), but we'll also need the JDK to use the
KBWB command line tool to bootstrap Burp Suite from the command line. Running Burp
from the command line lets us pass in settings via arguments that give us more control over
the execution environment.

Please install Burp Suite by following the directions on Portswigger's
website: IUUQT QPSUTXJHHFS OFU CVSQ IFMQ TVJUF@HFUUJOHTUBSUFE.

To use Burp Suite, you need to run a legacy version of Java. If you try to start Burp from its
CLI with Java 10.0.0 or later, you'll receive a message to the effect that Burp has not been
tested on this version and is susceptible to errors.

If you just need Java for Burp, you can install an older versionbwe'll be using Java
(Java 8)band use that system-wide. But if you need a more up-to-date Java installation for
other programs, you can still run legacy Java by using the KFOW command-line utility that
allows you to switch between versions. KFOW is similar to the Ruby version manager SWN or
the Node version manager OWN, they all allow you add, list, and switch between versions of
the language with just a few commands.

Please install KFOW from its website: IUUQ XXX KFOW CF .

After you've installed KFOW, you can add a new Java version to it simply by using the path
to its )PNF directory. Then we'll set our system to use it:

jenv add /Library/Java/JavaVirtualMachines/jdk1.8.0_172.jdk/Contents/Home
jenv global 1.8

You might have to restart your Terminal. But you should have Java 8 installed! Check it's
Java 8 with KBWB WFSTJPO. You should see this output:

java version "1.8.0_172"
Java(TM) SE Runtime Environment (build 1.8.0_172-b11)
Java HotSpot(TM) 64-Bit Server VM (build 25.172-b11, mixed mode)

[ 33 ]

43 44 45 46 47 48 49 50 51 52 53