Learn advanced Burp Suite techniques hackers don’t want you to know. Stay ahead in the game by hunting bugs more efficiently using useful burp extensions. In this course, you will learn how to skillfully find interesting bugs in web applications, and expertly configure Burp Suite to be efficient in your testing.
Who is this course for?
This course is for anyone who is familiar with basic Burp Suite usage and wants to level up.
Why take it NOW?
There’s no second place in bug bounty hunting. You either get a duplicate or get paid. Do you want to stay ahead in the game? This is your chance to learn how.
Why this course?
This course will give you a boost in your web hacking journey and make you a better bug bounty hunter.
What will you learn about?
Upon completion of this course, you will be able to skillfully hunt for bugs like IDORs, XSS, SQL and Host Header injection, SSRF, CORS. There will be a bonus lecture on useful miscellaneous tips as well.
What tools will you use?
- Burp Suite with its various extensions.
What skills will you gain?
You will learn how to hunt for bugs on web applications using various Burp Suite extensions to their advantage. Once these skills are acquired, you will be able to hunt for bugs in the wild and get paid and recognized for your work which will shine on your resumes and help recruiters appreciate your talent.
Course general information:
DURATION: 6 hours
CPE POINTS: On completion, you get a certificate granting you 6 CPE points.
LAUNCH DATE: June 2nd 2022 (modules published on a schedule)
- Accessible even after you finish the course
- No preset deadlines
- Materials are video, labs, and text
- All videos captioned
What will you need?
- Burp Suite Community Edition.
What should you know before you join?
Basic knowledge about setting up and using Burp Suite. An understanding of vulnerabilities like CORS, Host Header Injection, XSS, SQLI, IDORs, and other OWASP top 10 vulns.
YOUR INSTRUCTOR: DHRUV KANDPAL
Dhruv Kandpal is presently working as a Threat Intelligence Analyst at Deloitte USI. He is a CEHv11 certified ethical hacker, and a self-taught bug hunter. He has reported eight vulnerabilities to four organizations in the span of the last year. He's an adroit scripter who loves automating his day-to-day tasks. He is also a tool-maker and has created three successful open-source tools for the bug-bounty community. One of his tools, christened 'LazyFuzzZ', got featured in an episode of 'Bounty Thursdays' hosted by Stok (a famous hacker and content creator on YouTube). Dhruv has previously published his college projects 'Phish-Me-Not' and ‘Mal-OR-Not’ in different volumes of the reputed Hakin9 magazine. He’s a self-motivated individual who's driven on the mission to become a master bug-hunter and a skilled cybersecurity professional in the future.
Before the course
- Set up Burp Suite using FoxyProxy.
- How does Burp work?
- How is it able to intercept and modify HTTPS traffic? What are we gonna do? We are going to answer all these questions.
Hunting for IDORS effectively
Broken access control is number 1 on OWASP top-10 2021 list. It is easy to find these issues, they are usually P1 issues. Learning how to hunt for IDOR (Insecure Direct Object Reference) and BAC (Broken Access Control) is important for any good bug bounty hunter.
- You will learn how to use Burp Suite with three of its extensions to find IDORs easily!
- The three extensions are auto repeater, authorize, auth matrix.
- You will learn how to automate hunting for BAC issues.
At the end of the module, you will be asked to solve one intentionally vulnerable lab from sources like webgoat, dvwa, or Juice Shop, using the Burp Suite usage that they have learned from the videos. You will have to prepare a report with screenshots of the steps they took to solve the lab. Additionally, You will have to take an MCQ test.
Hunting cross-site scripting effectively
Learn how to hunt for the most commonly found web application vulnerability across the internet, cross-site scripting.
- You will learn how to leverage Burp Suite to effectively look for XSS.
- You will learn how to use match and replace rules in Burp Suite and leverage the Logger++ burp extension to find XSS.
- You will learn how to use useful burp extensions like Reflector, and reflected parameters extension to find XSS.
At the end of the module, you will be asked to solve an intentionally vulnerable lab using the Burp Suite usage that they have learned from the videos. You will have to prepare a report with screenshots of the steps they took to solve the lab. Additionally, you will have to take an MCQ test.
Learn how to effectively hunt for vulnerabilities on the fly
It is important to make your hunting process efficient and many bug hunters struggle in this phase. In this module, I will teach students how to make the most out of their time, while hunting for bugs on websites.
You will learn how to find issues like CORS, CSRF, Host Header injection, and SSRF by simply using auto repeater and logger++.
At the end of the module, you will be asked to solve one intentionally vulnerable lab from sources like webgoat, dvwa, or Juice Shop, using the Burp Suite usage that you have learned from the videos. You will have to prepare a report with screenshots of the steps you took to solve the lab. Additionally, you will have to take an MCQ test.
Miscellaneous Burp Suite Usage
Learning about some of the most useful features of the Burp Suite can help in improving your overall efficiency as a bug bounty hunter.
- Burp Macros
- Some other useful burp extensions
- Targeted scanning.
- SSH tunneling on VPS to fetch output straight to burp
- Using cloud instance
At the end of the module, you will be asked to submit a screen recording of yourself demonstrating what you have learned from the lectures on one of the labs of either webgoat, dvwa, or Juice Shop, using the Burp Suite usage that you have learned from the videos. You will have to prepare a report with screenshots of the steps they took. Additionally, you will have to take a test with 10 questions.
You will have to answer 20 multiple choice questions. A minimum of 85% is required to clear the exam
Workload: 20 questions
If you have any questions, please contact our eLearning Manager Marta at [email protected].