Learn Burp Suite, the Nr. 1 Web Hacking Tool

Learn how to make your web application testing easier and faster with the Burp Suite.
4.3 (543 ratings)
16,390 students enrolled
  • Lectures 10
  • Length 2 hours
  • Skill Level Beginner Level
  • Languages English
  • Includes Lifetime access
    30 day money back guarantee!
    Available on iOS and Android
    Certificate of Completion

About This Course

Published 12/2015 English

Course Description

This course will help you to master the Burp Suite. If you are doing or want to do penetration testing, then it is 100% certain that you will work with web applications. At the moment the Burp Suite is the most important tool for that. What you learn in this course can be used immediately in web application assessments.

Quickly Master the Most Important Web Hacking/Penetration Testing Tool, the Burp Suite.

  • Learn the most important features of the Burp Suite
  • Hands-on exercises
  • Automate what you can
  • Do efficient manual testing

Content and Overview

This course focuses on the Burp Suite. It is not a web application hacking course, although you will get to know various web attacks, which you can immediately try out yourself. First you will set up your own test environment with the OWASP WebGoat vulnerable web application and the Burp Suite. Then I will show you how to use the various modules in the tool. These modules can be used in different parts of the penetration test. They help you to easily reuse requests or to automate some of your work. We will try out these tools together by attacking the WebGoat. The course is fully hands-on, so that you can do everything yourself as well. After finishing this course you will be able to employ the Burp Suite in your work immediately, whether you do penetration testing or any other web-related work.

What are the requirements?

  • The course is not a web application hacking course. Quite a few web vulnerabilities will be shown in the examples; however, the focus will be on the Burp Suite. If you want to learn web hacking, it is still a good way to kickstart it, just don't expect the course to cover everything.
  • To do the course you will need the free edition of Burp Suite and the OWASP WebGoat; both are available for free. I will use Kali Linux as my operating system, but that is optional.

What am I going to get from this course?

  • Learn how to use the Burp Suite in a web application penetration test
  • See the main functionality of the Burp Suite through examples
  • Start on your way to becoming an efficient penetration tester

Who is the target audience?

  • This course is meant for people who have an intermediate understanding of how the web works. It is best if you already work in IT or study it; however, if you know what an HTTP request and response look like, then you should be fine.
  • Even if you are not into web hacking, but you work with web applications regularly, it still makes sense to take this course, because the Burp Suite is an HTTP proxy, so it can come in useful anytime.


Section 1: Setup

In this lecture we will set up our test environment. We will install a Tomcat server on Kali Linux and deploy the WebGoat in Tomcat. The proper configuration of the WebGoat will also be covered. At the end you will have a proper test environment where you can test the WebGoat through the Burp Proxy.

Section 2: The Tool

In this lecture we will cover the general concept of the Burp Proxy. I will explain how the test architecture works and we will discuss the basics of the Burp Suite.


We will start the detailed examination of the Burp Suite in this lecture. First we look at the Proxy module which allows us to inspect all traffic going through Burp.


The Repeater module of the Burp Suite allows us to do convenient manual testing. We will get to know this module by exploiting a cross-site scripting vulnerability in the WebGoat.


In this lecture we are going to discuss two modules, the Target and the Spider. I will show how you can use the Target module to get a better understanding of the structure and how to use the Spider to discover every hidden part of the target application.


We will first look at the Sequencer to test the randomness of various elements. In the example we will analyse the entropy of the JSESSIONID cookie. Although the Scanner is not part of the free edition of the Burp Suite, I will still introduce it, so that you can make an educated decision when you consider buying the pro version.


In this lecture we are going to try the Intruder module, which is the semi-automated testing tool of the Burp Suite. We are going to brute-force the "Password Forget" feature of the WebGoat. The Comparer will also be used in this attack to make your testing more efficient.

Section 3: Congrats!

Instructor Biography

Geri Revay, Penetration Tester/ Ethical Hacker

I hack stuff for fun and profit, at the moment at Siemens AG in Germany. I was also an external consultant for various companies in insurance, banking, telco or even car production. When I have some free time I also talk at conferences.

Here at Udemy my goal is to put my knowledge and experience in a form which is useful for others, to save you the time, which I spent to acquire all this knowledge from different sources.
