Last updated: July 20, 2021
Read time: 4 Minutes
This tutorial will get you started using Burp Suite Enterprise Edition. We'll show you how to get a trial license, download and install the software, and perform your first scan of a site. Burp Suite Enterprise Edition is made up of components such as a database and a web server, and has many options for installation across several machines or in the cloud. For now, we'll install it on a single machine.
For the purposes of this tutorial, you'll need a machine running a 64-bit architecture OS (Windows, MacOS, or Linux), and the installation will be slightly simpler if your machine has direct Internet access (i.e. not through a proxy server). We recommend that your machine has at least 2 cores and 8GB of RAM. This will work fine for a demonstration of Burp Suite Enterprise Edition, but you'll need more resources to run it for real.
First, go here, enter your email address and press "Try for free". Your email address will have to be from a company domain: webmail addresses won't work.
Next, quickly answer a few questions and select "Continue". Your answers will give us a better understanding of your needs.
We will send you an email to the address you specified. If you don't receive an email quickly, contact firstname.lastname@example.org.
Use the instructions in the email to log in to your account at PortSwigger.net.
Once you have logged in, go to your account page at PortSwigger.net and use the link there to download your license key, which is a text file. Put it somewhere safe, you'll need it later.
Use the link on your account page at PortSwigger.net to download the Burp Suite Enterprise Edition software. When you are redirected to the Releases page, select the latest version of Burp Suite Enterprise Edition for your OS. Open the downloaded file. If you're using MacOS, you may need to open the software via Control-click to avoid application signing issues.
The installation wizard will start automatically. Once the wizard displays a welcome screen, click "Next".
The wizard will now ask you several questions: which components you want, where you want to put data and backups, whether you want to send automated feedback, etc. Keep the default answers, which will keep all the components on one machine, and click "Next" several times until the wizard asks you about ports.
When the wizard asks you which port to use for the Burp Suite Enterprise Edition web server, keep the default of 8080 unless you need to choose something else because of a conflict on your machine. Pick another port only if you know you need to, and press "Next".
If you're installing on a Linux or MacOS machine, the wizard will ask for the name of a user to own the Burp Suite Enterprise Edition processes. Keep the default name of "burpsuite". This is different from your personal username. Click "Next". If you have a Windows machine, this question won't come up.
Keep the default of using Burp Suite Enterprise Edition's embedded database. Click "Next".
Keep the default choice when the wizard asks you about backup data location, and click "Next".
The installation wizard will now install Burp Suite Enterprise Edition. If the wizard asks you, allow Java to accept incoming net connections.
Create an administrator account to log in to Burp Suite Enterprise Edition's web-based interface. Leave the user name as "administrator", enter your email address and choose a password. Note: you will need these administrator credentials shortly, and they are different from your login credentials for PortSwigger.net.
You have now installed Burp Suite Enterprise Edition.
You access Burp Suite Enterprise Edition via its web server. As the web server is running on your machine, open a browser and browse to: localhost:8080 (using a different port if you changed it from 8080).
Sign in with the user name "administrator" and the password you created in step 14.
To activate your license, click on "Upload license key" and browse to where you saved your license key. If your machine uses a proxy to access the Internet, you will need to configure it before you can do this. To configure a proxy, go here.Once you have activated your license key, you can see its expiry date and the number of agents allocated to the license. Click "Continue"
Click on "Skip for now" to skip setting up a web server URL and SMTP server.
Let's configure a site to scan. Under "Site name", type "PortSwigger Labs", and under "Site URL" type "portswigger-labs.net/". Leave the other options as default and click "Next: Create a scan".
Leave all the options as default and click "Finish". This will schedule a scan to run once, as soon as possible. Click "View my scans" to see your scheduled scan's entry in a table. Once the scan starts running, click on its row in the table to see the details of the scan.
Create more sites and scans, or click on "Home" to start exploring the rest of Burp Suite Enterprise Edition.