Master Burp Suite Like A Pro In Just 1 Hour

Netsec Explained
50.6K views - 9 months ago
One of the most common problems with modern tutorials for tools is that they tend to sound a lot like man-pages or documentation. For instance, they'll tell you all about the little command flags, all the little buttons you can click on; but something that they seem to miss out on is "WHY you would use each of these options?"

So, for this video, we're going to do things a little differently. Instead, I'm going to walk you through a typical pentest, and we're going to see where you should use each tool within Burp Suite along the way.

* How to spin up Juice Shop on Docker - Bug Bounty and Pentesting with Docker
* Juice Shop Heroku - https://juice-shop.herokuapp.com/


0:00 Intro
0:57 Setup
1:57 Reconnaissance Steps
2:16 Application Mapping
5:42 Parameter Tampering
9:44 Finding Secrets
14:01 Registration/Login Flow
20:03 Analyzing JWT Tokens
23:16 Special Message
25:25 Exploiting IDOR
26:21 Burp Intruder Workflow
28:06 Advanced Intruder Settings
33:03 Finding Logic Flaws
37:30 Exploiting Logic Flaws
39:31 Success & Homework for you
40:23 Putting it all together (Another logic flaw)
49:26 Stealing Christmas
49:52 How you know you're done
50:50 Wrap up

#infosec  #bugbounty  #pentesting  #hacking  #cybersecurity #burpsuite
Published 9 months ago, on 1402/06/29.
Viewed 50,612 times