Learn Burp Suite, the Nr. 1 Web Hacking Tool
4.2 (934 ratings)
Instead of using a simple lifetime average, Udemy calculates a course's star rating by considering a number of different factors such as the number of ratings, the age of ratings, and the likelihood of fraudulent ratings.
25,130 students enrolled
Wishlisted Wishlist

Please confirm that you want to add Learn Burp Suite, the Nr. 1 Web Hacking Tool to your Wishlist.

Add to Wishlist

Learn Burp Suite, the Nr. 1 Web Hacking Tool

Learn how to make you web application testing easier and faster with the Burp Suite.
4.2 (934 ratings)
Instead of using a simple lifetime average, Udemy calculates a course's star rating by considering a number of different factors such as the number of ratings, the age of ratings, and the likelihood of fraudulent ratings.
25,130 students enrolled
Created by Geri Revay
Last updated 3/2017
English [Auto-generated]
Price: Free
  • 2 hours on-demand video
  • 1 Article
  • Full lifetime access
  • Access on mobile and TV
  • Certificate of Completion
What Will I Learn?
  • Learn how to use the Burp Suite in a web application penetration test
  • Through examples show you the main functionality of the Burp Suite
  • Start you in your way to become an efficient penetration tester
View Curriculum
  • The course is not a web application hacking course. Quite a few web vulnerabilities will be shown in the examples, however, the focus will be on the Burp Suite. Still if you want to learn web hacking, it will be still good to kickstart it, just don't expect the course to cover everything.
  • To do the course you will need the free edition of Burp Suite and the Owasp WebGoat, both are available for free. I will use the Kali linux as my operating system, but that is optional.

This course will help you to master the Burp Suite. If you are doing or wanting to do penetration testing, then it is 100% that you will work with web application. At the moment the Burp Suite is the most important tool for that. What you learn in this course can be immediately used in web application assessments.

Quickly Master the Most Important Web Hacking/Penetration Testing Tool, the Burp Suite.

  • Learn the most important features of the Burp Suite
  • Hands-on exercises
  • Automate what you can
  • Do efficient manual testing

Content and Overview

This course focuses on the Burp Suite. It is not a web application hacking course, although you will get to know various web attacks, which you can immediately try out yourself. First you will setup your own test environment with the Owasp WebGoat vulnerable web application and the Burp Suite. Then I will show you how to use the various modules in the tool. These modules can be used in different parts of the penetration test. They help you to easily reuse request or to automate some of your work. We will try out these tool together by attacking the WebGoat. The course if fully hands-on, so that you can do everything yourself as well. After finishing this course you will be able to employ the Burp Suite in your work immediately, whether you do penetration testing or any other web related work.

Who is the target audience?
  • This course is meant for people who have an intermediate understanding of how the web works. The best is if you already work in IT or you study it, however, if you know how an HTTP request and response looks like, then you should be fine.
  • Even if you are not into web hacking, but you work with web applications regularly, it still makes sense to take this course because the Burp Suite is a HTTP proxy so it can come useful anytime.
Students Who Viewed This Course Also Viewed
Curriculum For This Course
10 Lectures
3 Lectures 14:53

Download resources

In this lecture we will set up our test environment. We will install a Tomcat server on a Kali Linux and deploy the WebGoat in the Tomcat. The proper configuration of the WebGoat will be also covered. At the end you will have a proper test environment where you can test the WebGoat through the Burp Proxy.

Environment Setup
The Tool
6 Lectures 01:39:57

In this lecture we will cover the general concept of the Burp Proxy. I will explain how the test architecture works and we will discuss the basics of the Burp Suite.

General Concept

We will start the detailed examination of the Burp Suite in this lecture. First we look at the Proxy module which allows us to inspect all traffic going through Burp.

Proxy Module

The Repeater module of the Burp Suite allows us to do convenient manual testing. We will get to know this module by exploiting a cross-site scripting vulnerability in the WebGoat.

Repeater Module

In this lecture we are going to discuss two modules, the Target and the Spider. I will show how you can use the Target module to get a better understanding of the structure and how to use the Spider to discover every hidden parts of the target application.

Target and Spider Modules

We will first look at the Sequencer to test the randomness of various elements. In the example we will analyse the entropy of the JSESSIONID cookie. Although the Scenner is not part of the free edition of the Burp Suite, I will still introduce it, to make sure that you make an educated decision when you consider buying the pro version.

Sequencer and Scanner Modules

In this lecture we are going to try the Intruder module, which is the semi-automated testing tool of the Burp Suite. We are going to brute-force the "Password Forget" feature of the WebGoat. The Comparer will be also used in this attack to make your testing more efficient.

Intruder and Comparer Modules
1 Lecture 00:49
About the Instructor
Geri Revay
4.2 Average rating
933 Reviews
25,136 Students
2 Courses
Penetration Tester/ Ethical Hacker

I hack stuff for fun and profit, at the moment at Siemens AG in Germany. I was also an external consultant for various companies in insurance, banking, telco or even car production. When I have some free time I also talk at conferences.

Here at Udemy my goal is to put my knowledge and experience in a form which is useful for others, to save you the time, which I spent to acquire all this knowledge from different sources.