
Workshop: Getting Comfortable in Burp Suite with BB King

Course Authored by .

Course is currently unavailable.

Course Length: 4 Hours

Includes a Certificate of Completion




Description

An overview of Burp Suite for webapp and API pentesting. If you are looking to take your first webapp pentesting course, this will get you comfortable with Burp Suite ahead of time so you can focus on the pentesting part of the class when you get there.

Or, if you just want to know how to use Burp Suite to do all the magical things you’ve heard about, this will get you started faster than just about any other option.

We will start with the key functional areas of Burp Suite and how they are used by professional testers every day. Then we will look into the Settings area where some useful functionality is hidden and where you can customize Burp to fit your testing style and available resources. We’ll talk about the Collaborator server, how to route traffic through a jump box to get access to an internal network, custom payload lists, and helpful match-and-replace rules that make common tests simple and repeatable.

Along the way, we’ll use OWASP’s Juice Shop as a safe target to try things out, hands-on.

A small part of what we cover is only available in Burp Suite Pro, which requires a paid license, but the majority of the material works in the free Community version as well.

System Requirements
  • Student/Lab Requirements:
    • Any system that can run Burp Suite
    • Access to a running instance of OWASP’s Juice Shop
    • A Burp Suite Professional license is necessary for some of the features we cover.
    • *We keep those sections brief, and the majority of the material works in the free Community version as well.
    • *Don’t buy a license just for this workshop.

Syllabus

  • Burp Suite Functional Areas
    • HTTP Interception
    • Proxy History
    • Repeater
    • Organizer
    • Comparer
    • Intruder
    • Site Map
    • Dashboard
    • BApp Store
  • Burp Suite Customization
    • Proxy
      • Interception Rules
      • Match and Replace Rules
    • Intruder
      • Custom Payload Lists (Burp Pro Only)
    • Repeater
      • Tab Groups; Naming Tabs
    • Collaborator & Running your Own (Burp Pro Only)
    • Defining Resource Pools: how and why
    • Logging
  • Network
    • Upstream Proxy Servers
    • SOCKS Proxies
  • UI Tweaks

FAQ

Who Should Attend/Prerequisites:
Anyone interested in learning what you can do with Burp Suite
Audience Skill Level:
Beginner and up (even experienced testers often learn things by watching others use Burp)

About the Instructor

Brian "BB" King
"Artist turned QA Tester turned Pentester and Teacher"
Bio

BB started pentesting professionally in 2008 at the largest financial services company you’ve never heard of. As the second hire on the application security team, he helped define standards and grow the team to a group of more than 30 testers. Through teaching in that environment and elsewhere, he has come to believe that the keys to success are a strong interest in how things work, a willingness to ask questions, and an ability to work through discouragement when things don’t work.
