# TUTORIAL: Install burpsuite on FreeBSD using Linuxulator.



## flowerpower471 (Mar 2, 2022)

Hello everyone, i've been setting up a pentest workstation on FreeBSD,i have had a lot of struggle on making Burp Suite work, so i'm writing this tutorial to spare you all such pain.

This tutorial has been tested on FreeBSD 13.0 Release and Burpsuite v2022.1.1. But it likely works on other versions too!

*First what is Burp Suite.*
Burp Suite is a framework for web pentesting, it has many tools such as a proxy to intercept HTTP requests and a bruteforcing tool.
It has become an industry standard in pentesting and you (kind of) have to know how to use it.
It has some free and open source alternatives such as Mitmproxy and Owasp Zap.

*Before we start:*
1- Burp suite is closed source software, if you are generally distrustful of proprietary software like i am, you may want to think before following this tutorial.
2- We will use a CentOS 7 base for this tutorial, the instructions may vary if you use a SUSE base for example.
3- We will be dealing with the burp suite community edition as it's free.
4-

# Means that a command must be run with root permissions.

$ Means that you don't need root permissions to run a command.

With that out of the way, let's get started.

*Setting up linux compatibility.*

First you should make sure the "linux" and "linux64" kernel modules are loaded.
To do that run `$  kldstat` in a terminal.
If "linux.ko" and "linux64.ko" appear somewhere, then you're good.
Otherwise run `#  kldload linux` and `# kldload linux64`.

Then you must install the linux CentOS7 base.
To do that run `#  pkg install linux_base-c7`.

You must also install linux xorg libraries in order to run linux GUI programs.
To do that: `#  pkg install linux-c7-Xorg-libs`

Finally, make sure the linux service has been started.
For this append `linux_enable="YES"` to /etc/rc.conf (to start it at boot) and run `#  service linux start`

Now you are all good to run Burpsuite.

*Installing and running Burp Suite.*

Download Burp Suite community edition for Linux 64 bits at https://portswigger.net/burp/releases/professional-community-2022-1-1?requestededition=community.
This should download a bash script.
After downloading it cd into its directory and run it with bash.
`$  bash burpsuite_community_linux_*.sh`.

This should pop a straightforward GUI installer.
NOTE: After the install an error will be thrown, ignore it.

Now cd into your home directory, a BurpSuiteCommunity directory should be there, it should contain a burpsuite_community jar file and a jre folder.
cd into it and run `$  ./jre/bin/java --illegal-access=permit -noverify -jar burpsuite_community.jar`.
And voila ! A GUI prompt asking you to accept the license should appear,  accept it and then congratulations. You got burp suite running on FreeBSD.

Everything should work except the embedded browser, you may also encounter some random crashed but those dont happen very often.


*Extras (OPTIONAL).*

If you don't want to repeat the same weird command to run burpsuite, you can make a shell script to run it.

Create a file named burpsuite in /usr/local/bin. I will do it using the nano text editor for the sake of simplicity.
`#  nano /usr/local/bin/burpsuite`.
Then write the following to it:


```
#!/bin/sh

path/to/the/BurpSuiteCommunity/folder/jre/bin/java --illegal-access=permit -noverify -jar path/to/BurpSuiteCommunity/folder/burpsuite_community.jar
```

Save and then run `#  chmod +x /usr/local/bin/burpsuite`.
And tadam! You can run burpsuite by simple typing "burpsuite" in your terminal!.

I hope this tutorial will help people struggling to get this tool working on FreeBSD.


----------



## pinned (Mar 3, 2022)

Thanks for this! I followed your instructions, but get an error.


```
% ./jre/bin/java --illegal-access=permit -noverify -jar burpsuite_community.jar
GLib-GIO-Message: 23:00:10.652: Using the 'memory' GSettings backend.  Your settings will not be saved or shared with other applications.
OpenJDK 64-Bit Server VM warning: Option --illegal-access is deprecated and will be removed in a future release.
OpenJDK 64-Bit Server VM warning: Options -Xverify:none and -noverify were deprecated in JDK 13 and will likely be removed in a future release.
Could not start Burp: java.lang.NullPointerException
```

The only thing different is a more recent burpsuite version -- burpsuite_community_linux_v2022_2_2.sh

Did you have to install anything else?


----------



## flowerpower471 (Mar 3, 2022)

pinned said:


> Thanks for this! I followed your instructions, but get an error.
> 
> 
> ```
> ...


I am indeed getting the same error when trying with v2022.2.2, i don't really know what could cause such breakage. So the problem is likely coming from this version of burp. But the JRE seems to be working so you should have no problems running v2022.1.1.


----------



## pinned (Mar 4, 2022)

Yup, v2022.1.1 works!

Did you manage to get the embedded browser running without issues? I don't think the installer script executes completely as the burpbrowser directory is missing. I'll run the installer in a linux vm and then copy the directory over to test.

The embedded browser isn't a necessity for me, as using another browser will work just fine. I usually just fire up chrome from the terminal pointing to the proxy and with burp plugins enabled. But I would be interested to know if running the embedded browser without any tweaks was possible.


----------



## SirDice (Mar 4, 2022)

There used to be a port for it: security/burpsuite but it got deprecated a couple years ago. Do you think you could resurrect the port and update it?


----------



## flowerpower471 (Mar 4, 2022)

pinned said:


> Yup, v2022.1.1 works!
> 
> Did you manage to get the embedded browser running without issues? I don't think the installer script executes completely as the burpbrowser directory is missing. I'll run the installer in a linux vm and then copy the directory over to test.
> 
> The embedded browser isn't a necessity for me, as using another browser will work just fine. I usually just fire up chrome from the terminal pointing to the proxy and with burp plugins enabled. But I would be interested to know if running the embedded browser without any tweaks was possible.


I forgot to specify it in the post, but the embedded browser is indeed not installed by the installer.
I guess the error that ends it might be related to the part where it installs the burp browser. It may be possible to install it in a native linux environment and then transfer it to your Freebsd install but i haven't tested it.


----------



## flowerpower471 (Mar 4, 2022)

SirDice said:


> There used to be a port for it: security/burpsuite but it got deprecated a couple years ago. Do you think you could resurrect the port and update it?


I'm going to take a look at the porter's handbook and see what i can do. 
Though maybe i should make something like a linux-burpsuite port instead ? Since linux emulation is required for it.


----------



## SirDice (Mar 4, 2022)

flowerpower471 said:


> Though maybe i should make something like a linux-burpsuite port instead ?


In this case that might be a better idea. The old one has a Java dependency, and we did have a java/linux-sun-jdk17 and java/linux-oracle-jdk18 back in those days.


----------

