Advanced Bug Hunting with Burp Suite (W63) - Ethical Hacking Course Online

Categories: Short Courses, Courses Tag: Tools & Techniques

Product Description

Learn advanced Burp Suite techniques hackers don’t want you to know. Stay ahead in the game by hunting bugs more efficiently using useful Burp extensions. In this course, you will learn how to skillfully find interesting bugs in web applications, and expertly configure Burp Suite to be efficient in your testing.

  • Why you?
  • Why now?
  • Why this course?

Who is this course for? 

This course is for anyone who is familiar with basic Burp Suite usage and wants to level up.


Course benefits:

  • Scope
  • Tools
  • Skills

What will you learn about? 

Upon completion of this course, you will be able to skillfully hunt for bugs like IDORs, XSS, SQL and Host Header injection, SSRF, and CORS. There will be a bonus lecture on useful miscellaneous tips as well.


Course general information: 

  • How this works
  • Lab Setup
  • Prerequisites

DURATION: 6 hours

CPE POINTS: On completion, you get a certificate granting you 6 CPE points.

Course format: 

  • Self-paced
  • Pre-recorded
  • Accessible even after you finish the course
  • No preset deadlines
  • Materials are video, labs, and text
  • All videos captioned

YOUR INSTRUCTOR: DHRUV KANDPAL

 

 

Dhruv Kandpal is presently working as a Threat Intelligence Analyst at Deloitte USI. He is a CEHv11 certified ethical hacker and a self-taught bug hunter. He has reported eight vulnerabilities to four organizations in the span of the last year. He’s an adroit scripter who loves automating his day-to-day tasks. He is also a tool-maker and has created three successful open-source tools for the bug-bounty community. One of his tools, christened ‘LazyFuzzZ’, was featured in an episode of ‘Bounty Thursdays’ hosted by Stok (a famous hacker and content creator on YouTube). Dhruv has previously published his college projects ‘Phish-Me-Not’ and ‘Mal-OR-Not’ in different volumes of the reputed Hakin9 magazine. He’s a self-motivated individual who’s driven by the mission to become a master bug-hunter and a skilled cybersecurity professional in the future.

COURSE SYLLABUS

Module 

Before the course

  • Topics
  • Set up Burp Suite using FoxyProxy.
  • How does Burp work?
  • How is it able to intercept and modify HTTPS traffic? What are we going to do? We are going to answer all these questions.

Module 1

Hunting for IDORs effectively

Broken access control is number 1 on the OWASP Top 10 2021 list. These issues are easy to find, and they are usually P1 issues. Learning how to hunt for IDOR (Insecure Direct Object Reference) and BAC (Broken Access Control) is important for any good bug bounty hunter.

Workload: 1h

  • Topics
  • Exercises

Covered topics

  • You will learn how to use Burp Suite with three of its extensions to find IDORs easily!
  • The three extensions are Auto Repeater, Autorize, and AuthMatrix.
  • You will learn how to automate hunting for BAC issues.

Module 2

Hunting cross-site scripting effectively

Learn how to hunt for the most commonly found web application vulnerability across the internet, cross-site scripting.

Workload: 1h

  • Topics
  • Exercises

Covered topics

  • You will learn how to leverage Burp Suite to effectively look for XSS.
  • You will learn how to use match and replace rules in Burp Suite and leverage the Logger++ Burp extension to find XSS.
  • You will learn how to use useful Burp extensions like Reflector and the Reflected Parameters extension to find XSS.

Module 3

Learn how to effectively hunt for vulnerabilities on the fly

It is important to make your hunting process efficient and many bug hunters struggle in this phase. In this module, I will teach students how to make the most out of their time, while hunting for bugs on websites.

Workload: 1h

  • Topics
  • Exercises

Covered topics

You will learn how to find issues like CORS, CSRF, Host Header injection, and SSRF by simply using Auto Repeater and Logger++.


Module 4

Miscellaneous Burp Suite Usage

Learning about some of the most useful features of the Burp Suite can help in improving your overall efficiency as a bug bounty hunter.

Workload: 1h

  • Topics
  • Exercises

Covered topics

  • Burp Macros
  • Some other useful Burp extensions
  • Targeted scanning
  • SSH tunneling on a VPS to fetch output straight to Burp
  • Using a cloud instance

Final exam

You will have to answer 20 multiple choice questions. A minimum of 85% is required to clear the exam.

Workload: 20 questions
