Mr Elite

Originally published at securityelites.com

Day 2: Setting Up Your Bug Bounty Hacking Lab — Burp Suite, Firefox & Your First Intercepted HTTP Request (2026)

📰 Originally published on SecurityElites — the canonical, fully-updated version of this article.


Right now, every HTTPS website you visit is encrypting its traffic — sending your clicks, form submissions, passwords, and session tokens wrapped in a layer of TLS that, by design, nobody between your browser and the server should be able to read. Every bug bounty hunter worth their bounty can read every single one of their own browser's requests in plain text, by routing them through an intercepting proxy they control. Today you join them.

By the end of this session — which you can complete in about 90 minutes — you will have Burp Suite running, Firefox configured to route all its traffic through Burp, your CA certificate installed so HTTPS decrypts cleanly, and your first real HTTP request frozen on screen waiting for you to read it. That moment — seeing your own browser’s request decoded and displayed — is when this stops being abstract. You’ll never look at a web application the same way again.

This is the Burp Suite setup for bug bounty that every professional uses. No shortcuts. No confusion. Just the exact steps, in order, with screenshots for every single one of them.

Before You Start Day 2 — Quick Day 1 Check
Did you complete Day 1’s action steps? HackerOne account created, 3 Hacktivity reports read, one beginner program selected? If yes — perfect, let’s build your lab. If not — do those first. Foundation before tools. The programme in your head needs to come before the tools on your screen.

📋 Day 2 Contents — Follow In Order

  1. What You Need (Nothing Paid)
  2. Step 1 — Install Burp Suite Free
  3. Step 2 — FoxyProxy Configuration
  4. Step 3 — Install CA Certificate (HTTPS Fix)
  5. Step 4 — Your First HTTP Interception
  6. Understanding What You’re Seeing
  7. Intro to Burp Repeater
  8. 5 Essential Firefox Extensions
  9. Kali Linux vs Windows — Which?
  10. Day 2 Task + Checklist

What You Need for Your Bug Bounty Hacking Lab — All Free

Before touching a single installation file, let me be clear about one thing: you do not need to spend money today. The professional-grade bug bounty toolkit is almost entirely free. Here’s exactly what we’re installing in this session and why each piece matters:

| Tool | Cost | Purpose | Today’s Priority |
|---|---|---|---|
| Burp Suite Community | FREE | Intercept, modify, and replay HTTP/S requests | INSTALL TODAY |
| Firefox Browser | FREE | Primary testing browser — best proxy support | CONFIGURE TODAY |
| FoxyProxy Standard | FREE | One-click proxy switching in Firefox | INSTALL TODAY |
| Burp CA Certificate | FREE | Lets Burp decrypt HTTPS traffic without errors | INSTALL TODAY |
| Wappalyzer + others | FREE | Fingerprint technologies running on target sites | OPTIONAL TODAY |

This setup works on Windows, macOS, and Linux. I’ll note any OS-specific differences as we go. One important thing: create a dedicated Firefox profile for bug bounty testing — separate from your personal browsing. We’ll set this up as part of the process. You don’t want your bank’s session cookies flowing through Burp Suite during a testing session.

STEP 1 Installing Burp Suite Community Edition — The Free Version That Does Everything You Need

Burp Suite is made by PortSwigger — a company entirely dedicated to web security research and education. The Community Edition is genuinely free, not a crippled trial. For bug bounty beginners, Community Edition is all you need for the first six months at minimum. The Professional version ($449/year) adds an automated scanner and a faster Intruder — features that become relevant once you’re earning consistently.

📥 Download Instructions

  1. Go to portswigger.net/burp/communitydownload
  2. Click “Download Burp Suite Community Edition” — choose your OS (Windows EXE / macOS DMG / Linux JAR)
  3. Run the installer — leave all defaults. Java is bundled. No separate Java install needed.
  4. Launch Burp Suite → click “Temporary project” → click “Use Burp defaults” → click “Start Burp”

Burp Suite Community Edition — Freshly launched. Intercept is ON (green button) but no traffic yet. The proxy listener is running on 127.0.0.1:8080. Next step: connect Firefox to this listener.

💡 Mr Elite’s Tip: Every time you start Burp Suite, choose “Temporary project” for daily bug bounty work. Only create saved projects when you’re doing a multi-session deep dive on a single program. Temporary projects launch faster and stay cleaner.

STEP 2 FoxyProxy — Configure Firefox to Route Traffic Through Burp Suite

FoxyProxy is a Firefox extension that adds a one-click proxy switcher to your browser toolbar. Without it, you’d need to dive into Firefox settings and manually change the network configuration every time you want to start or stop intercepting. With FoxyProxy, it’s one click. Every real bug bounty hunter uses this or an equivalent.




This article was originally written and published by the SecurityElites team. For more cybersecurity tutorials, ethical hacking guides, and CTF walk-throughs, visit SecurityElites.
