Bug Bounty Bootcamp — Chapter 4

Building My Kali Lab (Step-by-Step Guide)

6 min readSep 19, 2025

Recently, I have been reading Bug Bounty Bootcamp by Vickie Li; When I reached Chapter 4, it was time to stop just reading and actually build a lab and write a how-to tutorial. This chapter is all about setting up the environment you’ll use to intercept, analyze, and manipulate web traffic — the foundation of every bug bounty hunter’s workflow.

I chose Kali Linux as my base. Here’s every step I took to create a fully functional lab you can replicate on your own machine.

Step 0: Update Kali

Step 0.5: Verify Java (JRE) for Burp Suite

Burp Suite is a Java application. If your Java Runtime Environment (JRE) isn’t compatible, Burp won’t start. On my system, Kali shipped with OpenJDK 21.0.8, which works perfectly since Burp requires Java 11 or later.

Check your Java version

Expected output:

If you see 11, 17, or 21, you’re good to go.

Fixing Java Issues

Not installed:

Too old (below 11):

Multiple versions:

Select the latest installed JRE.

Once Burp detects Java 11+, you’re set.

Step 1: Install the Latest Firefox (Not ESR)Kali ships with Firefox ESR, but I wanted the latest stable build from Mozilla’s repo.
Within in terminal, type or copy and paste theses commands:
1. Create keyring
sudo install -d -m 0755 /etc/apt/keyrings
2. Import Mozilla signing key
wget -q https://packages.mozilla.org/apt/repo-signing-key.gpg -O- \
| sudo tee /etc/apt/keyrings/packages.mozilla.org.asc > /dev/null
3. Add Mozilla repo
echo “deb [signed-by=/etc/apt/keyrings/packages.mozilla.org.asc] https://packages.mozilla.org/apt mozilla main” \
| sudo tee /etc/apt/sources.list.d/mozilla.list > /dev/null
4. Pin Mozilla’s repo
echo ‘Package: *
Pin: origin packages.mozilla.org
Pin-Priority: 1000’ | sudo tee /etc/apt/preferences.d/mozilla > /dev/null
4. Install Firefox stable
sudo apt update && sudo apt -y install firefox

Step 2: Verify Burp Suite

Burp Suite Community Edition comes preinstalled on Kali. If it’s missing:

Launch it:

Press enter or click to view image in full size

Inside Burp:

Go to Proxy → Options.
Confirm the listener is running on 127.0.0.1:8080.

Step 3: Configure Firefox to Use Burp

Open Firefox → Settings → Network Settings → Settings…
Select Manual proxy configuration
Enter:

HTTP Proxy: 127.0.0.1
Port: 8080

Check Use this proxy for all protocols
Save and restart Firefox

Step 4: Install Burp’s CA Certificate (for HTTPS)

Right now, HTTPS websites will show errors because Burp intercepts encrypted traffic. To fix this, you need to install Burp’s CA Certificate into Firefox so it trusts Burp as a man-in-the-middle.

Download Burp’s CA Certificate

Make sure Burp is running.
In Firefox (already proxied to Burp), go to:

(If that doesn’t load, use `http://127.0.0.1:8080`)

Burp’s Welcome Page will appear.
Click CA Certificate → this downloads cacert.der.
Click CA Certificate → this downloads cacert.der.

Import the Certificate into Firefox Authorities

Open Firefox → Settings → Privacy & Security.
Scroll down to Certificates → View Certificates…
Open the Authorities tab.
Click Import…

Select the downloaded file cacert.der.

In the trust dialog, check:

Trust this CA to identify websites

Click OK → then OK again to close the manager.
Restart Firefox.

Now HTTPS traffic flows through Burp without warnings.

Step 5: Warm Up With Burp’s Tools

With Firefox routing traffic through Burp and HTTPS interception working, I tested Burp’s core tools so I knew how to use them later in real bug hunts.

Proxy (Live Interception)

Turn on Proxy → Intercept → Intercept is on.
Visit http://example.com in Firefox.
The request shows up in Burp. Modify it if you want, then click Forward.
Toggle Intercept is off to browse normally while logging traffic in HTTP history.

Repeater (Replay & Modify Requests)

In HTTP history, right-click a request → Send to Repeater.
Open Repeater, change a parameter or header, then click Send.
Compare responses to see how the server reacts.

Intruder (Automated Payload Testing)

In HTTP history, right-click a request → Send to Intruder.
Mark positions with the § symbol (e.g., around a parameter value).
Load a payload list (e.g., common fuzz strings).
Launch the attack → watch Burp highlight response changes.

(Community Edition throttles Intruder, but it’s still great for learning.)

Decoder (Translate Encoded Data)

Copy something encoded (e.g., dXNlcm5hbWU9b3NjYXI=).
Paste into Decoder → choose Decode as Base64.
See it translate into username=example_name.

Comparer (Spot Differences)

Right-click two different responses → Send to Comparer.
In Comparer, use Words or Bytes mode to highlight changes.

Running through these tools once gave me a practical feel for how Burp turns raw traffic into actionable insights.

Step 6: Take Notes Like a Pro

Bug bounty reports live or die by reproducibility. Notes are your insurance policy. Here’s how I built my workflow:

What I Recorded

Target URL and endpoint: https://target.com/login
Request method: POST
Parameters: username, password
Payloads tested: ' OR '1'='1
Server response: 200 OK + error message

How I Captured Data

Starred important requests in Burp’s HTTP history.
Exported requests/responses that showed unusual behavior.
Took screenshots of responses or error messages.
Logged everything in a Markdown file with timestamps.

Why It Matters

Lets me re-run the same test later to confirm.
Provides ready-made details for the Steps to Reproduce section of a bug report.
Protects me from false positives.

With disciplined note-taking, I wasn’t just “clicking around” — I was building a repeatable, professional workflow.

End Result

By the end of Chapter 4, I had:

Kali fully updated
JRE 21.0.8 powering Burp with no issues
Latest Firefox connected to Burp
HTTPS interception working cleanly
Confidence with Burp’s Proxy, Repeater, Intruder, Decoder, and Comparer
A disciplined note-taking system

This wasn’t just theory anymore — I had a working hacker’s lab.

Coming NextChapter 5 is all about reconnaissance — mapping your target before you even launch an attack. With my lab set up, I’m ready to start the hunt.
Stay tuned.

References

Mozilla — Install Firefox on Linux (.deb APT repo setup)
Li, V. (2021). Bug Bounty Bootcamp: The Guide to Finding and Reporting Web Vulnerabilities. No Starch Press. ISBN-13: 978–1–7185–0154–6
PortSwigger (Burp Suite Docs) — Getting Started with Burp Suite
PortSwigger (CA Certificate Setup) — Installing Burp’s CA Certificate
Mozilla Support — Connection Settings in Firefox
Kali Linux Docs — Kali Tools: Burp Suite