Sep 1, 2018

Mastering Burp Suite Pro

Just completed the training (Aug 27~29) on Mastering Burp Suite Pro: 100% Hands-on.

This is one of the HITB Technical training series by Nicolas Grégoire, one of the best Burp Suite Pro subject matter experts (SMEs) in the world.

Day 1

  • Introduction to Burp: GUI, tools, audit workflow, inline help, …
  • Proxy module: scope, filters, sorting, …
  • Repeater module: exploitation of the D-Link DIR-100 backdoor, efficiency tips, …
  • Intruder module: covering every attack type and most payload types

Day 2

  • Advanced Proxy module: live modifications, interception and manual analysis, …
  • Sequencer module: token analysis
  • Advanced Intruder module: reusing configuration options, non-default columns, …
  • Auth module: horizontal and vertical privilege escalation

Day 3

  • Macros and sessions module: transparent management of anti-CSRF tokens and short sessions
  • Extensions module: catalog of public extensions, developing your own, REST API, …
  • Recently added tools: Collaborator, ClickBandit, Infiltrator