
In this lecture we will set up our test environment. We will install a Tomcat server on Kali Linux and deploy WebGoat in Tomcat. The proper configuration of WebGoat will also be covered. At the end you will have a proper test environment where you can test WebGoat through the Burp Proxy.
In this lecture we will cover the general concept of the Burp Proxy. I will explain how the test architecture works and we will discuss the basics of the Burp Suite.
We will start the detailed examination of the Burp Suite in this lecture. First we look at the Proxy module, which allows us to inspect all traffic going through Burp.
The Repeater module of the Burp Suite allows us to do convenient manual testing. We will get to know this module by exploiting a cross-site scripting vulnerability in WebGoat.
In this lecture we are going to discuss two modules, the Target and the Spider. I will show how you can use the Target module to get a better understanding of the structure and how to use the Spider to discover every hidden part of the target application.
We will first look at the Sequencer to test the randomness of various elements. In the example we will analyse the entropy of the JSESSIONID cookie. Although the Scanner is not part of the free edition of the Burp Suite, I will still introduce it, so that you can make an educated decision when you consider buying the pro version.
In this lecture we are going to try the Intruder module, which is the semi-automated testing tool of the Burp Suite. We are going to brute-force the "Password Forget" feature of WebGoat. The Comparer will also be used in this attack to make your testing more efficient.
This course will help you to master the Burp Suite. If you are doing or want to do penetration testing, then it is 100% certain that you will work with web applications. At the moment the Burp Suite is the most important tool for that. What you learn in this course can be used immediately in web application assessments.
Quickly Master the Most Important Web Hacking/Penetration Testing Tool, the Burp Suite.
Content and Overview
This course focuses on the Burp Suite. It is not a web application hacking course, although you will get to know various web attacks, which you can immediately try out yourself. First you will set up your own test environment with the OWASP WebGoat vulnerable web application and the Burp Suite. Then I will show you how to use the various modules in the tool. These modules can be used in different parts of the penetration test. They help you to easily reuse requests or to automate some of your work. We will try out these tools together by attacking WebGoat. The course is fully hands-on, so that you can do everything yourself as well. After finishing this course you will be able to employ the Burp Suite in your work immediately, whether you do penetration testing or any other web-related work.