In this course, you will learn the basics of web application security testing with Burp Suite, the industry standard tool for manual web application security testing. You'll learn how to use Burp Suite to intercept and modify HTTP(S) traffic, identify and exploit common web application vulnerabilities, and automate repetitive tasks.
General
Fundamentals
Burp Suite is a web proxy used to intercept web application traffic. Burp Suite was developed and is maintained by PortSwigger. This tool is used by every pentester daily and is in their toolkit. Besides the main proxy, some of the main features Burp Suite has are the Repeater, Decoder/Encoder, Intruder, Comparer, Collaborator, and Burp Extender. Burp Suite is an essential tool for web application pentesters. Throughout this module you will learn how to use every part of Burp Suite and leverage it to find flaws in web applications and APIs.
The community edition of Burp Suite should be enough for most penetration testers. However, as we dive deeper into more advanced web application penetration testing, the professional features may be well worth it. In this module, we'll focus on features available in the community and professional editions of Burp Suite.
Burp Suite Pro:
Burp Suite Community:
You can use Burp Suite Community to do just about anything related to web application hacking; however, Burp Suite Pro makes this much easier and faster. Burp Suite Community is very limited in what you can do. Both can get the job done. A Burp Suite Pro subscription is $300.00 USD a year, and Community is 100% free.
Tools available on Burp Suite Pro:
Tools available on Burp Suite Community:
Burp Suite offers several valuable shortcuts that can save significant time during testing. Although their meanings might not be clear at the moment, they are worth remembering for future reference, as they could be useful during a time-restricted test.
| Keybinding | Description of Keybinding |
| --- | --- |
| CTRL+I | Sends Current Request To Intruder |
| CTRL+R | Sends Current Request To Repeater |
| CTRL+U | URL Encodes Highlighted Text |
| CTRL+SHIFT+U | URL Decodes Highlighted Text |
If you are a student or part of a business, you may qualify for a free trial of Burp Suite Pro. All you have to do is go here: Burp Pro Trial and enter your student or business email, and you may get a free trial of Burp Suite Pro. This will help you follow along with this course module, and it is recommended to have Burp Suite Pro.
Course Syllabus