Hacker's Kali Setup


Last updated 1 year ago

Install a Hypervisor (VMware)

Download and install VMware (https://www.vmware.com/go/getplayer-win) to host your Kali Linux VM.

Install Kali Linux

Download and install the Kali VMware 64-bit VM (https://www.kali.org/get-kali/#kali-virtual-machines).

For additional help with installation, please read the Kali.org docs (https://www.kali.org/docs/installation/).

User: kali

Pass: kali

Update Kali

Once you have your Kali VM up and running, open the Kali Linux Terminal and use the following commands to update your system:

$ sudo apt update -y

$ sudo apt upgrade -y

$ sudo apt dist-upgrade -y

Update User Accounts

When starting a new operating system it is always a great idea to update default credentials:

$ sudo passwd kali

(Enter a new, more complex password when prompted.)

$ sudo useradd -m hapihacker

$ sudo usermod -a -G sudo hapihacker

$ sudo chsh -s /bin/zsh hapihacker

Burp Suite Community Edition

Burp Suite should come stock with the latest version of Kali, but if it does not, use the following command:

$ sudo apt-get install burpsuite -y

Download Jython (https://www.jython.org/download.html) and add the .jar file to the Extender Options.

Under the Extender BApp Store, search for Autorize and install the extension.

Foxy Proxy Standard

  1. While Firefox is open, use the shortcut CTRL+Shift+A or navigate to https://addons.mozilla.org/en-US/firefox/addon.

  2. Search for FoxyProxy Standard.

  3. Add FoxyProxy to Firefox.

  4. Install FoxyProxy Standard and add it to your browser.

  5. Click the fox icon at the top-right corner of your browser (next to the URL) and select Options.

  6. Select Proxies > Add New Proxy > Manual Proxy Configuration.

  7. Add 127.0.0.1 as the host IP address.

  8. Update the port to 8080 (Burp Suite’s default proxy settings).

  9. Under the General tab, rename the proxy to BurpSuite.

  10. Add a second new proxy:

    1. Add 127.0.0.1 as the host IP address.

    2. Update the port to 5555.

    3. Under the General tab, rename the proxy to Postman.

Burp Suite Certificate

  1. Start Burp Suite.

  2. Open your browser of choice.

  3. Using FoxyProxy, select the BurpSuite proxy. Navigate to http://burpsuite and click the CA Certificate. This should initiate the download of the Burp Suite CA certificate.

  4. Save the certificate somewhere you can find it.

  5. Open your browser and import the certificate. In Firefox, open Preferences and use the search bar to look up certificates. Import the certificate.

  6. In Chrome, open Settings, use the search bar to look up certificates, select More > Manage Certificates > Authorities, and import the certificate. If you do not see the BurpSuite cacert.der certificate, you may need to expand the file type options to “DER” or “All files”.

Now that you have the PortSwigger CA certificate added to your browser, you should be able to intercept traffic without experiencing issues.

MITMweb Certificate Setup

Now we will also import the cert for MITMweb through a very similar process.

  1. Stop Burp Suite (it is listening on port 8080, and mitmweb needs that port to work).

  2. Start mitmweb from the terminal: $ mitmweb

  3. Use FoxyProxy in Firefox to send traffic to the BurpSuite proxy (8080).

  4. Using Firefox, visit mitm.it.

  5. Download the mitmproxy-ca-cert.pem for Firefox.

  6. Return to the Firefox certificates (see Burp Suite Certificate instructions).

  7. Import the MITMweb (mitmproxy-ca-cert.pem) certificate.

Install Postman

$ sudo wget https://dl.pstmn.io/download/latest/linux64 -O postman-linux-x64.tar.gz && sudo tar -xvzf postman-linux-x64.tar.gz -C /opt && sudo ln -s /opt/Postman/Postman /usr/bin/postman

Install mitmproxy2swagger

$ sudo pip3 install mitmproxy2swagger

Install Git

$ sudo apt-get install git

Install Docker

$ sudo apt-get install docker.io docker-compose

Install Go

$ sudo apt install golang-go

The JSON Web Token Toolkit v2

$ cd /opt

$ sudo git clone https://github.com/ticarpi/jwt_tool

$ cd jwt_tool

$ python3 -m pip install termcolor cprint pycryptodomex requests

(Optional) Make an alias for jwt_tool.py

$ sudo chmod +x jwt_tool.py

$ sudo ln -s /opt/jwt_tool/jwt_tool.py /usr/bin/jwt_tool

Install Kiterunner

$ sudo git clone https://github.com/assetnote/kiterunner.git

$ cd kiterunner

$ sudo make build

$ sudo ln -s /opt/kiterunner/dist/kr /usr/bin/kr

Install Arjun

$ sudo git clone https://github.com/s0md3v/Arjun.git

Install OWASP ZAP

$ sudo apt install zaproxy

Once ZAP is installed, open Manage Add-Ons (CTRL+U) and apply updates for the Fuzzer and OpenAPI Support.

Useful Wordlists

SecLists (https://github.com/danielmiessler/SecLists)

$ sudo wget -c https://github.com/danielmiessler/SecLists/archive/master.zip -O SecList.zip && sudo unzip SecList.zip && sudo rm -f SecList.zip

Hacking-APIs (https://github.com/hAPI-hacker/Hacking-APIs)

$ sudo wget -c https://github.com/hAPI-hacker/Hacking-APIs/archive/refs/heads/main.zip -O HackingAPIs.zip && sudo unzip HackingAPIs.zip && sudo rm -f HackingAPIs.zip
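A post-install check for the tools set up on this page, as an added example that is not part of the original guide. `ln -s` succeeds even when its target was never built, so the check separates a dangling symlink from a missing or non-executable command; the function names and the command list (derived from the packages and /usr/bin symlinks above) are assumptions.

```sh
#!/bin/sh
# Added example: verify the lab tools after installation.
# LAB_TOOLS is an assumed list of command names, derived from the
# packages and /usr/bin symlinks created in the steps on this page.
LAB_TOOLS="burpsuite mitmweb postman mitmproxy2swagger git docker docker-compose go jwt_tool kr zaproxy"

# tool_status NAME -> prints one of:
#   ok        an executable file named NAME is on PATH
#   dangling  only a symlink with a missing target was found
#             (e.g. `make build` failed but `ln -s` still succeeded)
#   noexec    only a non-executable file was found (chmod +x skipped)
#   missing   nothing by that name on PATH
# The body runs in a subshell "( )" so IFS and set -f do not leak out.
tool_status() (
    name=$1
    problem=missing
    IFS=:
    set -f                      # split $PATH on ':' without globbing
    for dir in $PATH; do
        candidate="${dir:-.}/$name"
        if [ -f "$candidate" ] && [ -x "$candidate" ]; then
            echo ok
            exit 0
        elif [ "$problem" != missing ]; then
            continue            # keep the first problem, keep looking for a good copy
        elif [ -L "$candidate" ] && [ ! -e "$candidate" ]; then
            problem=dangling
        elif [ -f "$candidate" ]; then
            problem=noexec
        fi
    done
    echo "$problem"
)

# lab_report [NAME...] -> one "name status" line per tool (default: LAB_TOOLS)
lab_report() {
    [ "$#" -gt 0 ] || set -- $LAB_TOOLS
    for tool in "$@"; do
        printf '%-18s %s\n' "$tool" "$(tool_status "$tool")"
    done
}

lab_report
```

Any line that does not read `ok` points back to the install step for that tool, for example a `dangling` result for `kr` means `/opt/kiterunner/dist/kr` was never built.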