Burp Suite Pro
Course Description
Burp Suite is the industry standard for web application security testing. This course takes you from the basics to advanced techniques, including custom extensions and automation.
Learning Objectives
By the end of this course, you will be able to:
- Configure Burp Suite for professional testing
- Intercept and modify HTTP/HTTPS traffic
- Automate testing with Intruder and Scanner
- Create custom extensions in Python/Java
- Integrate Burp with other tools
- Report findings using Burp's reporting features
Modules
Module 1: Burp Suite Fundamentals (6h)
- Installation and configuration
- Proxy setup and certificates
- Target scope configuration
- Browser integration
- Project management
Module 2: Proxy & Intercept (6h)
- Request interception
- Response modification
- Match and replace rules
- WebSocket testing
- HTTP/2 support
Module 3: Repeater & Comparer (5h)
- Manual request testing
- Response comparison
- Encoding/decoding
- Request chaining
Module 4: Intruder Mastery (8h)
- Attack types explained
- Payload generation
- Cluster bomb attacks
- Grep and extract
- Rate limiting bypass
Module 5: Scanner & Active Testing (8h)
- Scan configuration
- Audit items selection
- Crawling strategies
- Issue management
- False positive handling
Module 6: Sequencer & Decoder (4h)
- Token analysis
- Entropy testing
- Encoding detection
- Custom encoding
Module 7: Extensions Development (8h)
- BApp Store extensions
- Python extension basics
- Java extension development
- Custom scanner checks
- Custom Intruder payloads
Module 8: Professional Workflows (5h)
- Engagement methodology
- Collaboration features
- Reporting templates
- CI/CD integration
- Burp Enterprise
Tools
| Tool | Purpose |
|---|---|
| Burp Suite Pro | Main platform |
| Collaborator | Out-of-band testing |
| Logger++ | Enhanced logging |
| Autorize | Authorization testing |
| JWT Editor | Token manipulation |