Workshop: Getting Comfortable in Burp Suite with BB King
Overview
- Course Length: 4 hours
- Support from expert instructors
- Includes a certificate of completion
What You
Can
An overview of Burp Suite for webapp and API pentesting. If you are looking to take your first webapp pentesting course, this will get you comfortable with Burp Suite ahead of time so you can focus on the pentesting part of the class when you get there.
Or, if you just want to know how to use Burp Suite to do all the magical things you’ve heard about, this will get you started faster than just about any other option.
We will start with the key functional areas of Burp Suite and how they are used by professional testers every day. Then we will look into the Settings area where some useful functionality is hidden and where you can customize Burp to fit your testing style and available resources. We’ll talk about the Collaborator server, how to route traffic through a jump box to get access to an internal network, custom payload lists, and helpful match-and-replace rules that make common tests simple and repeatable.
Along the way, we’ll use OWASP’s Juice Shop as a safe target to try things out, hands-on.
A small part of what we cover is only available in Burp Suite Pro, which requires a paid license, but the majority of the material works in the free Community version as well.
Syllabus
- Burp Suite Functional Areas
- HTTP Interception
- Proxy History
- Repeater
- Organizer
- Comparer
- Intruder
- Site Map
- Dashboard
- BApp Store
- Burp Suite Customization
- Proxy
- Interception Rules
- Match and Replace Rules
- Intruder
- Custom Payload Lists (Burp Pro Only)
- Repeater
- Tab Groups; Naming Tabs
- Collaborator & Running your Own (Burp Pro Only)
- Defining Resource Pools: how and why
- Logging
- Proxy
- Network
- Upstream Proxy Servers
- SOCKS Proxies
- UI Tweaks
Virtual (June 13th, 2025)
- June 13th – 11 AM EST – 4 PM EST
Student/Lab Requirements:
- Any system that can run Burp Suite
- Access to a running instance of OWASP’s Juice Shop
- A Burp Suite Professional license is necessary for some of the features we cover.
- We keep those sections brief, and the majority of the material works in the free Community version as well.
- Don’t buy a license just for this workshop.
Who Should Attend/Prerequisites:
- Anyone interested in learning what you can do with Burp Suite
Audience Skill Level:
- Beginner and up (even experienced testers often learn things by watching others use Burp)
Live Training
- Pay What You Can
- Collaborative interaction with Instructor and fellow students through the Antisyphon Discord class channel
- Access to course slides for future reference
- Tips, tools, and techniques that can be applied immediately upon returning to work
- Strengthen your skills by solving challenges within the Antisyphon Cyber Range
- Become part of a community driven to educate and share knowledge
