
Introduction
Imagine you are hacking and you come across 4 parameters that all seem to resolve external URLs. You try google.com but it does not work. You get no feedback.
There are two things you can do in this situation: give up, or insert the URL of your own out-of-band server into the parameters. Setting up these servers can be cumbersome, which is why Burp Suite offers us a helping hand and does a lot of the work for us.
What is an out-of-band server and why would you need it?
Out-of-band servers are network services that listen for requests and can report back to the attacker, either through access-log monitoring or a more active notification system. PortSwigger has created an out-of-band server for this purpose, which they call Burp Collaborator. In the free version you have to use the public Collaborator server, which is not always reliable. In that case, I recommend using one of the free private alternatives such as:
Interactsh
webhook.site
Request bin
DNSBin
Every Collaborator or out-of-band server needs a unique domain name to receive the callback on. If you use a different unique domain name for every parameter or target, it becomes much easier to recognize which parameter caused the callback. The Collaborator server provides an HTTP/HTTPS service with a valid, CA-signed wildcard TLS certificate for its domain name, and it also provides an SMTP/SMTPS service.
Whenever an external system makes a callback to one of these services, we can test further for issues like blind RFI or blind SSRF. You will sometimes see a DNS callback with no accompanying HTTPS callback. This is harder to exploit and is usually caused by egress filtering (filtering of outgoing traffic).
This technique can help you detect blind XSS, blind SSRF, RFI, non-time-based blind SQLi and possibly other issues that require out-of-band resource loading.
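As an added example (not code from the original post, from Burp Suite or from any of the listed services), here is a small Python triage script that does what the text describes: it hands out one unique callback hostname per target/parameter and then maps entries from an out-of-band server's log back to the parameter that caused them, flagging DNS-only hits as a likely sign of egress filtering. The base domain `oob.example`, the log line format and the sample log lines are constructed assumptions; adapt the parser to your own server's log.

```python
import re
import secrets
from collections import defaultdict

# Assumption: the base domain of your own out-of-band server (placeholder value).
OOB_DOMAIN = "oob.example"

def make_payloads(target, params, domain=OOB_DOMAIN, new_token=lambda: secrets.token_hex(4)):
    """Create one unique callback hostname per (target, parameter).
    Returns (payloads, registry): payloads maps param -> URL to submit,
    registry maps the unique label back to (target, param) for later triage."""
    payloads, registry = {}, {}
    for param in params:
        token = new_token()
        registry[token] = (target, param)
        payloads[param] = f"https://{token}.{domain}/"
    return payloads, registry

# Assumed log format: "<timestamp> <protocol> <queried/requested hostname> <source ip>"
LOG_RE = re.compile(r"^(\S+)\s+(dns|http|https|smtp)\s+([A-Za-z0-9.-]+)\s+(\S+)$")

def triage(registry, log_lines, domain=OOB_DOMAIN):
    """Group OOB log lines by the (target, param) that triggered them and
    label what the observed callback pattern suggests."""
    seen = defaultdict(set)
    for line in log_lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # ignore lines that do not match the expected format
        _ts, proto, host, _src = m.groups()
        host = host.lower()  # resolvers may randomise case in DNS queries
        if not host.endswith("." + domain):
            continue
        label = host[: -len(domain) - 1].split(".")[-1]  # label right below the base domain
        if label in registry:
            seen[registry[label]].add(proto)
    result = {}
    for key in registry.values():
        protos = seen.get(key, set())
        if protos & {"http", "https"}:
            verdict = "http callback: parameter fetches external URLs (investigate blind SSRF/RFI)"
        elif "dns" in protos:
            verdict = "dns only: name resolved but no HTTP request, likely egress filtering"
        else:
            verdict = "no callback"
        result[key] = (sorted(protos), verdict)
    return result

# Constructed sample log: two parameters called back, one only over DNS, plus an unrelated hit.
SAMPLE_LOG = [
    "2024-05-01T10:00:01Z dns aaaa0001.oob.example 203.0.113.10",
    "2024-05-01T10:00:01Z http aaaa0001.oob.example 203.0.113.10",
    "2024-05-01T10:00:02Z dns AAAA0002.oob.example 203.0.113.10",
    "2024-05-01T10:00:03Z dns unrelated.oob.example 198.51.100.7",
]
```

Run `triage(registry, SAMPLE_LOG)` after `make_payloads("shop.example", ["redirect", "img", "callback"])` to see one parameter flagged for an HTTP callback, one as DNS-only and one with no callback at all.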
Introduction
This course condenses both the basics and the advanced use cases of Burp Suite into an easy-to-use reference survival guide, with a video file and a full-text PDF with screenshots for reference.
If you really want to test your skills, you can take one of the gruelling quizzes that will make you think twice (at the very least) before you submit an answer.
All this, combined with the practical examples in the video files, will make sure you know Burp Suite like your back pocket.
PortSwigger has designed a lot of beautiful labs for us, which we will use to illustrate the practical usage of Burp Suite.
This is not your average video course. I am here to go fast and break things. The teaching industry can use a new wind!
Content
Every tab in Burp Suite gets its own chapter.
Every chapter contains
a video file
a PDF with a full text on the video topic
A PDF with my top 5 Community and top 5 Pro edition extensions
A PDF explaining how Autorize works so you can test for IDORs and BAC
A PDF explaining how the proxy option "Match and replace" can be used to our advantage
Who am I?
I am The XSS Rat, also known as Wesley. I created infosec tutorials and courses in a unique way. It's my opinion that a teacher should be able to bring knowledge in an inspirational way but also make sure that knowledge is retained. This is a very unique challenge requiring out-of-the-box thinking. My courses never just consist of a video or video + PDF only format. Courses should be interactive and not just boring reads of PowerPoint slides.