Burp Suite Essential Training
1h 25mIntermediate2022-02-08
Authors

Malcolm Shore
Cybersecurity Expert, Former Director of GCSB
Course details
Burp Suite, the popular web application penetration testing tool, has quickly become one of the preferred choices of security professionals around the world. In this course, instructor Malcolm Shore provides you with an in-depth look at how to use Burp Suite to meet all of your pen testing needs.
Explore the basics of the Burp Suite user interface as well as how to proxy web traffic and set up additional targets. Learn about using Burp Suite as both a website crawler and a man in the middle proxy for message viewing, finding missing content, and modifying and manipulating commands. Find out how Burp Suite works as an attack tool when it's in intruder mode, and how to configure CO2 as an extension that integrates with SQLMap. Along the way, Malcolm offers tips on how to take your web application penetration testing skills to the next level and beyond.
Explore the basics of the Burp Suite user interface as well as how to proxy web traffic and set up additional targets. Learn about using Burp Suite as both a website crawler and a man in the middle proxy for message viewing, finding missing content, and modifying and manipulating commands. Find out how Burp Suite works as an attack tool when it's in intruder mode, and how to configure CO2 as an extension that integrates with SQLMap. Along the way, Malcolm offers tips on how to take your web application penetration testing skills to the next level and beyond.
Skills covered
Burp SuitePortSwiggerPenetration TestingEssential TrainingCybersecurity
Concepts
0. Introduction
- 01 - Learning how to use Burp Suite effectively
- 02 - What you should know
- 03 - Course disclaimer
1. Burp Suite Basics
- 04 - What is Burp Suite
- 05 - Getting to know Burp Suite
- 06 - Proxying web traffic
- 07 - Using Burp Suite as a proxy
- 08 - Setting up additional targets
2. Scanning
- 09 - Crawling the website
- 10 - Finding hidden webpages
- 11 - Understanding message content
- 12 - Finding missing content
3. Man in the Middle
- 13 - Intercepting bank transactions
- 14 - Exploiting headers
- 15 - Inserting an SQL injection via Burp Suite
- 16 - Saving request messages for further exploitation
- 17 - Injecting commands into messages
4. Being an Intruder
- 18 - Introducing the Intruder
- 19 - Manipulating cookies
- 20 - The four Intruders
5. Extensions
- 21 - Using CO2 to integrate SQLMap
Conclusion
- 22 - Next steps
Related courses
- Dynamic Application Security Testing (DAST) (2019)
- Penetration Testing Essential Training
- Android App Security: A Structured Approach to Pen Testing
- Dynamic Application Security Testing
- Penetration Testing Web Apps with Kali and Burp Suite
- Ethical Hacking: Hacking Web Servers and Web Applications
- Introduction to Kali Linux for Penetration Testing and Ethical Hacking
- Node.js: Security (2018)