Monthly Archives: May 2015

Tip: Running BurpSuite on a Mac

Tip: Running BurpSuite on a Mac

Here’s a quick tip I use to save some time when spinning up Burp Suite on a Mac.  I use Burp Suite frequently enough that having an icon on my task bar is warranted. I also like to start Burp Suite with more memory allocated to the JVM than the default.  To accomplish all of this, we will simply create an Automator workflow that runs Burp in a shell script.

I’m going to break this down step-by-step for those who are not familiar with Automator.  Before I get started though I will mention that I originally “borrowed” this tip from James (Jardine) when I saw him using it… and then made my own improvements.

To start, open the Automator app, which is a standard application that should already be installed, and create a new automator ‘Application’ (that second icon on the ‘type of document’) prompt:

Automator
Next add the ‘Run Shell Script’ action, which can be found in the ‘Utilities’ library of actions:
Automator Script
Now you just need to replace the default text ‘cat’ with the right shell script.  I typically run BurpSuite with 4GB of RAM, which means I will run Java with the following options:
java -Xmx4g -jar <jar filename>

What about that filename?  Well that’s easy.  If you have been installing Burp in the default location under /Applications, then it will simply be something like:

/Applications/burpsuite_pro_v1.6.18.jar

…where that version number is whatever the latest version is that you have installed.  All you have to do is modify your automator script whenever you install a new version of Burp.  But wait a minute… with all the power of Linux running on a modern processor there must be some way to have your Automator script find the most recent burp jar file for you, right?  Of course there is!  We will replace the filename with an instruction to list all burpsuite_pro files ordered by modified time and return just the first one.  Now our final command looks like this:

java -Xmx4g -jar “$(ls -t /Applications/burpsuite* | head -n1)”

Save it and test it.  If all is working properly Burp should start up.  There are a couple of quirks I will mention so that you know these are expected.  First, because the automator script is calling Burp (which has its own window), you will see both the automator script icon and the Java icon as active apps on the task bar.  Second, while the automator script is running you will see a small spinning gear on the bar at the top of the screen.  Both of these are normal behavior.

The last step to polishing this solution off will be to change the icon of your new Automator app to one that is more meaningful.  This entails finding an appropriate icon, opening the ‘info’ tab for your app, and pasting it in.  I am not going to walk through those details here since others have already covered the task in detail (e.g. osxdaily shows us here).


Jason Gillam is a Senior Security Consultant with Secure Ideas. If you are in need of a penetration test or other security consulting services you can contact him at jgillam@secureideas.com, on Twitter @JGillam, or visit the Secure Ideas – ProfessionallyEvil site for services provided.

SamuraiWTF 3.2 RELEASED!

We are really excited to announce that SamuraiWTF 3.2 is now available publicly.  This release is available at http://sourceforge.net/projects/samurai/ immediately and we hope you enjoy it. In this release we have updated a number of tools, addressed bug issues, and improved the target environments to better suit a training environment. We have also updated the… Continue Reading

And Now… Introducing: Burp BS!

Burp BS… where the “BS” stands for BeanShell.  “What on earth is BeanShell?” you may ask?  BeanShell is a very old Java library that was designed to build scripts in Java (full details on www.beanshell.org).  It never really caught on for general use because the Java language is designed from the ground up to be… Continue Reading