In this course video by Atul Tiwari from his Mastering Burp Suite course, you will learn how to set up Burp Suite to intercept and analyze traffic going through a mobile device - in this case, an iPhone. Sounds like a useful trick to know, right? It's perfect for setting up on your own phone and playing with traffic generated by mobile apps. Enjoy and have fun with Burp!
In this module of the course we start by setting up the Burp Suite environment and working through the features of Burp Suite Professional and the free edition of Burp Suite, covering spidering, SSL/TLS setup, automation, rewriting Host headers, intercepting mobile device traffic for mobile testing, invisible proxying for thick clients, installing the CA certificate for SSL sites, setting the scope of the engagement, identifying input parameters and setting various filters.
Further down the road we start tinkering with the Repeater module to make point-to-point attacks. The Intruder module will be used in more advanced ways: hunting for insecure direct object reference (IDOR) flaws and placing payloads at multiple positions in a single attack with the Sniper, Cluster bomb, Pitchfork and Battering ram attack types. Further attacks covered are bit flipping, hidden form field attacks, data extraction from responses, authorization and authentication attacks, brute-forcing every parameter, and various automated attacks to find hidden directories.
By the end of the course, we use auto-submit CSRF scripts, generate PoCs, perform session analysis of tokens to attack authentication and authorization, and use Burp Collaborator to hunt for hidden bugs and security flaws that other pentesting would miss, such as blind XSS. Moving on to the most dangerous attack types, clickjacking will be uncovered with Burp Clickbandit, and further we will hunt for many serious bugs using Burp Infiltrator and out-of-band security testing.
The access to this course is currently restricted to Hakin9 Premium or IT Pack Premium Subscription.