The access to this course is restricted to Hakin9 Premium or IT Pack Premium Subscription

Penetration testing without using Burp Suite couldn’t be even assumed. This course unleashes the power of pen-testing with Burp Suite Professional and the free edition. Both editions have some changes in capabilities. Both editions have been covered widely in this course. As in general penetration testing of web applications, many serious vulnerabilities are left, such as blind XSS, that can cause the whole server to be compromised, this is where the Burp Suite plays a great and exceptional role in web security audit and penetration testing for every web penetration tester. Apart from blind XSS, Burp Suite is capable of hunting for hidden security flaws that once we send the payloads to the target, many times it is executed but since the responses are filtered by web application firewalls and security devices, we stop there. But with Burp modules, like Collaborator, it could be bypassed using out-of-band channels. Hunting for clickjacking, there are no perfect methods but that too can be tested full-fledged using Burp Suite Pro. Similarly, many vulnerabilities will be uncovered in this course that are not found generally.

Course duration: 18 hours (18 CPE points)

Course is self-paced and pre-recorded

What will you learn?

Burp Suite Professional module for extended pentesting

Advanced manual tools to uncover weak web applications

Burp Suite extender applications

Burp Infiltrator

Cutting-edge scanning logics

Web app testing of every attack type

Every tool inside Burp Suite Professional

Uncover invisible security flaws

Automating repetitive tasks

Out-of-band application security testing

Using Burp Suite to test OWASP Top 10

What skills will you gain?

Advanced usage of Burp Suite Professional

Automated custom attacks using Burp Intruder

Statistical analysis of session tokens

Attacking with different attack types

Burp extender API and Bapp

Develop own extensions

Interactive application security testing

Hunting most obscure bugs with Burp Infiltrator

Point-to-point attacks using repeater

Automated and advanced scanning and crawl

Full-fledged testing of every web applications

Burp Collaborator

Burp Clickbandit

Hunting blind XSS, SSRF and many serious bugs

What will you need?

Burp Suite free or professional edition

What should you know before you join?

General IT background

Basic HTTP communications

HTML/JavaScript (Not mandatory)

Your instructor:

Atul Tiwari has over 5 years of working experience in the field of “web application penetration testing” with over 10 years in security training. He has trained more than 45k students across 162 countries in online mode. Atul has specialized in web security testing and have conducted over hundreds of pentesting, audits, testing of web applications since 2013. He holds CISSP certifications with CEH, cyber laws, CCNA. He is founder and CTO at gray hat | security (INDIA) www.grayhat.in

Syllabus

Module 1: Preparing the arsenal / Burp Suite environments

In this module, we will start with setting up Burp Suite environments and play with various features of Burp Suite Professional and Burp Suite free edition to get around the working, spidering, SSL/TLS setup, automation, rewriting host-header, intercepting mobile devices traffic for mobile testing, invisible proxying for thick clients, CA certificate for SSL sites, setting the scope for engagement, identifying input parameters and setting various filters.

Module 1 covered topics:

Lab environments config

Burp CA certificate for SSL/TLS

Interceptor proxy with filters

Spidering target to get all around

Automated targeting the site in scope

Spider setup for crawl

Invisible proxying for non-proxy aware clients

Host-header rewriting

Web sockets

Intercepting mobile devices traffic with Burp Suite – iPhone

Module 1 exercises:

Explore and make configuration for a pentest engagement

Configure and use non-proxy aware clients

Automate and filter spider, target site map

Rewrite host header

Use various filters to suite your needs

Module 2: Advanced Intruder, repeater and Auth attacks

Module 2 description: In this module, we will start tinkering with the repeater module to make a point-to-point attack. Intruder module will be used in more advanced ways with hunting for insecure direct object reference attack and placing payloads at multiple points in single attack with snipper, cluster bomb, pitch fork and battering arm. Further attacks - bit flipping, hidden form field attack, data extraction from response, authorization and authentication attacks, brute forcing every parameters and various automated attacks to find hidden directories.

Module 2 covered topics:

Repeater module – Exploitations

Advanced Intruder module attacks

Payloads placement for multiple injections

Sniper attacks, Battering arm, pitch fork, Cluster Bomb

Data extraction

Custom exploits with intruder

Response header manipulation

Attacking hidden form fields

Extended Burp macros with intruder

Payloads for bit-flipping, brute forcing

Auth module

Attacks users – Insecure direct object reference

Module 2 exercises:

Use Intruder module to brute force login pages, directories and Insecure direct object response attack

Use payloads positioning – bit flipping, brute forcer, character frobber, null payloads, date, numbers

Manipulate response headers

Module 3: Hunting for security flaws and WAF bypass

Module 3 description: In this module, we will discover the most hidden functionalities of web application using Burp Suite, such as invisible functions, scanner module of Burp Suite Pro to uncover serious bugs, extending the Burp capabilities by Bapp store and extensions. We will also know how to develop our own extensions using Burp extender APIs. Further attacking and bypassing web application firewalls, CSRF, CO2 attacks.

Module 3 covered topics:

Content discovery of invisible functionalities

Manual testing simulator

Scanner issue definitions

Scanning methodologies

Scanning to exploitation ways

Burp Extender APIs

Burp Extensions to extend the attacks

Building your own extensions

CO2 attack

Csurfer

Bypassing WAF

Module 3 exercises:

Explore the Burp Suite Professional – pro users

Discover the content for hidden functionalities – both users

Use the various extensions from BApp store

Module 4: Burp Suite unleashed/Hunting and exploitations

In this module, the Burp Suite has unleashed its power to a high level of web application testing. We will use auto-submit CSRF scripts, generate PoC, session analysis of tokens to attack authentication and authorization, Burp Collaborator for hunting hidden bugs and security flaws that will not be caught in other pentesting, like blind XSS. Moving towards the most dangerous attack types – Clickjacking will be uncovered by Burp Clickbandit. And further we will hunt for many serious bugs using Burp Infiltrator and Out-of-Band security testing.

Module 4 covered topics:

Self-submitting scripts for CSRF

Anti-CSRF token attack

Generating CSRF PoC

Live and manual capture of session tokens

Session token analysis with Sequencer

Statistical analysis of session tokens

Burp Collaborator

ClickBandit to test clickjacking

Burp Infiltrator attacks

Bug hunting with Infiltrator

OAST – OOB Application security testing

Module 4 exercises:

Live capture of session token and analysis

Attacking with Burp Collaborator

Attacking with Infiltrator

Find at least two examples clickjacking in simulating lab

Course format:

The course is self-paced – you can visit the training whenever you want and your content will be there.

Once you’re in, you keep access forever, even when you finish the course.

There are no deadlines, except for the ones you set for yourself.

We designed the course so that a diligent student will need about 18 hours of work to complete the training.

Your time will be filled with reading, videos, and exercises.

Contact:

If you have any questions about the course, get in touch with us at Hakin9 by contacting [email protected] or [email protected]