The access to this course is restricted to Hakin9 Premium or IT Pack Premium Subscription
Penetration testing without using Burp Suite couldn’t be even assumed. This course unleashes the power of pen-testing with Burp Suite Professional and the free edition. Both editions have some changes in capabilities. Both editions have been covered widely in this course. As in general penetration testing of web applications, many serious vulnerabilities are left, such as blind XSS, that can cause the whole server to be compromised, this is where the Burp Suite plays a great and exceptional role in web security audit and penetration testing for every web penetration tester. Apart from blind XSS, Burp Suite is capable of hunting for hidden security flaws that once we send the payloads to the target, many times it is executed but since the responses are filtered by web application firewalls and security devices, we stop there. But with Burp modules, like Collaborator, it could be bypassed using out-of-band channels. Hunting for clickjacking, there are no perfect methods but that too can be tested full-fledged using Burp Suite Pro. Similarly, many vulnerabilities will be uncovered in this course that are not found generally.
Course duration: 18 hours (18 CPE points)
Course is self-paced and pre-recorded
What will you learn?
- Burp Suite Professional module for extended pentesting
- Advanced manual tools to uncover weak web applications
- Burp Suite extender applications
- Burp Infiltrator
- Cutting-edge scanning logics
- Web app testing of every attack type
- Every tool inside Burp Suite Professional
- Uncover invisible security flaws
- Automating repetitive tasks
- Out-of-band application security testing
- Using Burp Suite to test OWASP Top 10
What skills will you gain?
- Advanced usage of Burp Suite Professional
- Automated custom attacks using Burp Intruder
- Statistical analysis of session tokens
- Attacking with different attack types
- Burp extender API and Bapp
- Develop own extensions
- Interactive application security testing
- Hunting most obscure bugs with Burp Infiltrator
- Point-to-point attacks using repeater
- Automated and advanced scanning and crawl
- Full-fledged testing of every web applications
- Burp Collaborator
- Burp Clickbandit
- Hunting blind XSS, SSRF and many serious bugs
What will you need?
- Burp Suite free or professional edition
What should you know before you join?
- General IT background
- Basic HTTP communications
Atul Tiwari has over 5 years of working experience in the field of “web application penetration testing” with over 10 years in security training. He has trained more than 45k students across 162 countries in online mode. Atul has specialized in web security testing and have conducted over hundreds of pentesting, audits, testing of web applications since 2013. He holds CISSP certifications with CEH, cyber laws, CCNA. He is founder and CTO at gray hat | security (INDIA) www.grayhat.in
Module 1: Preparing the arsenal / Burp Suite environments
In this module, we will start with setting up Burp Suite environments and play with various features of Burp Suite Professional and Burp Suite free edition to get around the working, spidering, SSL/TLS setup, automation, rewriting host-header, intercepting mobile devices traffic for mobile testing, invisible proxying for thick clients, CA certificate for SSL sites, setting the scope for engagement, identifying input parameters and setting various filters.
Module 1 covered topics:
- Lab environments config
- Burp CA certificate for SSL/TLS
- Interceptor proxy with filters
- Spidering target to get all around
- Automated targeting the site in scope
- Spider setup for crawl
- Invisible proxying for non-proxy aware clients
- Host-header rewriting
- Web sockets
- Intercepting mobile devices traffic with Burp Suite – iPhone
Module 1 exercises:
- Explore and make configuration for a pentest engagement
- Configure and use non-proxy aware clients
- Automate and filter spider, target site map
- Rewrite host header
- Use various filters to suite your needs
Module 2: Advanced Intruder, repeater and Auth attacks
Module 2 description: In this module, we will start tinkering with the repeater module to make a point-to-point attack. Intruder module will be used in more advanced ways with hunting for insecure direct object reference attack and placing payloads at multiple points in single attack with snipper, cluster bomb, pitch fork and battering arm. Further attacks - bit flipping, hidden form field attack, data extraction from response, authorization and authentication attacks, brute forcing every parameters and various automated attacks to find hidden directories.
Module 2 covered topics:
- Repeater module – Exploitations
- Advanced Intruder module attacks
- Payloads placement for multiple injections
- Sniper attacks, Battering arm, pitch fork, Cluster Bomb
- Data extraction
- Custom exploits with intruder
- Response header manipulation
- Attacking hidden form fields
- Extended Burp macros with intruder
- Payloads for bit-flipping, brute forcing
- Auth module
- Attacks users – Insecure direct object reference
Module 2 exercises:
- Use Intruder module to brute force login pages, directories and Insecure direct object response attack
- Use payloads positioning – bit flipping, brute forcer, character frobber, null payloads, date, numbers
- Manipulate response headers
Module 3: Hunting for security flaws and WAF bypass
Module 3 description: In this module, we will discover the most hidden functionalities of web application using Burp Suite, such as invisible functions, scanner module of Burp Suite Pro to uncover serious bugs, extending the Burp capabilities by Bapp store and extensions. We will also know how to develop our own extensions using Burp extender APIs. Further attacking and bypassing web application firewalls, CSRF, CO2 attacks.
Module 3 covered topics:
- Content discovery of invisible functionalities
- Manual testing simulator
- Scanner issue definitions
- Scanning methodologies
- Scanning to exploitation ways
- Burp Extender APIs
- Burp Extensions to extend the attacks
- Building your own extensions
- CO2 attack
- Bypassing WAF
Module 3 exercises:
- Explore the Burp Suite Professional – pro users
- Discover the content for hidden functionalities – both users
- Use the various extensions from BApp store
Module 4: Burp Suite unleashed/Hunting and exploitations
In this module, the Burp Suite has unleashed its power to a high level of web application testing. We will use auto-submit CSRF scripts, generate PoC, session analysis of tokens to attack authentication and authorization, Burp Collaborator for hunting hidden bugs and security flaws that will not be caught in other pentesting, like blind XSS. Moving towards the most dangerous attack types – Clickjacking will be uncovered by Burp Clickbandit. And further we will hunt for many serious bugs using Burp Infiltrator and Out-of-Band security testing.
Module 4 covered topics:
- Self-submitting scripts for CSRF
- Anti-CSRF token attack
- Generating CSRF PoC
- Live and manual capture of session tokens
- Session token analysis with Sequencer
- Statistical analysis of session tokens
- Burp Collaborator
- ClickBandit to test clickjacking
- Burp Infiltrator attacks
- Bug hunting with Infiltrator
- OAST – OOB Application security testing
Module 4 exercises:
- Live capture of session token and analysis
- Attacking with Burp Collaborator
- Attacking with Infiltrator
- Find at least two examples clickjacking in simulating lab
- The course is self-paced – you can visit the training whenever you want and your content will be there.
- Once you’re in, you keep access forever, even when you finish the course.
- There are no deadlines, except for the ones you set for yourself.
- We designed the course so that a diligent student will need about 18 hours of work to complete the training.
- Your time will be filled with reading, videos, and exercises.
If you have any questions, please contact our eLearning Manager at [email protected].