Burp Suite Training

Getting Started with Burp

• Starting Burp form the command line
• Specifying memory size for Burp
• Ensuring that IPv4 is allowed
• Working with other JVMs

Configuring Browsers to Proxy through Burp

• Configuring widely used browsers to proxy through Burp Suite

Setting the Scope and Dealing with Upstream Proxies

• Multiple ways to add targets to the scope
• Scope and Burp Suite tools
• Scope inclusion versus exclusion
• Dropping out-of-scope requests
• Dealing with upstream proxies and SOCKS proxies

SSL and Other Advanced Settings

• Importing the Burp certificate in Mozilla Firefox
• Importing the Burp certificate in Microsoft IE and Google Chrome
• Installing the Burp certificate in iOS or Android
• SSL pass-through
• Invisible Proxy

Using Burp Tools as a Power User

• Target
• Proxy
• The Message Analysis tab
• Actions on the intercepted requests
• Intruder
• Scanner
• Repeater
• Spidering
• Sequencer
• Decoder
• Comparer
• Alerts

Searching, Extracting, Pattern Matching

• Filtering
• Matching
• Grep – match and grep – extract

Using Engagement Tools and Other Utilities

• Search
• Target analyzer
• Content discovery
• Task scheduler
• CSRF proof of concept generator

Using Burp Extensions and Writing Your Own

• Setting up the Python runtime for Burp Extensions
• Setting up the Ruby environment for Burp Extensions
• Loading and installing a Burp Extension from the Burp App Store
• Loading and installing a Burp Extension manually
• Managing Burp Extensions
• Writing our own Burp Extensions
• Noteworthy Burp Extensions

Saving Securely, Backing up, and other Maintenance Activities

• Saving and restoring a state
• Automatic backups
• Scheduled tasks
• Logging all activities

Resources, References and Links

• Primary references
• Web application security testing with Burp
• Miscellaneous security testing tutorials with Burp Suite
• Pentesting thick clients
• Testing mobile applications for web security using Burp Suite
• Extensions references
• Books