Mastering Burp Suite Pro, 100% hands-on

"This is not a book about astronomy; rather, this is a book about telescopes" - PoC||GTFO Volume II

Tips and tricks

We manage the @MasteringBurp account, which regularly posts Burp Suite tips and tricks.
Go to Twitter

Blog

We sometimes publish on Agarri's corporate blog...

Exploiting WPAD with Burp Suite and the "HTTP Injector" extension (link)
  • Redirect other users' traffic to yourself using WPAD
  • Exclude SSL traffic from interception (avoid client-side warnings)
  • Develop a custom extension infecting HTTP traffic (e.g. injecting a BeEF hook)
  • Test the setup on eBay

Exploiting a Blind XSS using Burp Suite (link)
  • Use Burp Collaborator to detect a blind XSS
  • Use Burp Collaborator to exfiltrate data from the victim's browser (cookies!!)
  • Use the stolen cookie via a Match & Replace rule
  • Browse the admin interface and get a flag

Deserialization in Perl v5.8 (link)
  • Spot an HTML form with a hidden parameter whose value is Base64-encoded
  • Fuzz the value using the "Character Frobber" payload type in Intruder
  • Identify a Perl deserialization vulnerability
  • Exploit the vulnerability in Repeater and get RCE

Intruder and CSRF-protected form, without macros (link)
  • Set up a local "Damn Vulnerable Web Application" target
  • Analyze the login flow, using a browser and Proxy History
  • Log in using Repeater (manually dealing with redirects and CSRF tokens)
  • Use Intruder's Recursive Grep to transparently manage CSRF tokens, w/o macros
  • Run a brute-force attack in Intruder and find the admin password
Go to the blog

Bugcrowd video (by Jasmin Landry)

Former attendee @JR0ch17 (aka Jasmin Landry) published a video listing plenty of tricks we covered during the training. His Advanced Burp Suite video is available online via Bugcrowd University.
Go to YouTube

HackerOne videos (by Cody Brocious)

There's a 3-video playlist on Hacker101:
Go to HackerOne

Challenges

We recommend the WebSecurity Academy, by PortSwigger. We also heard good things about PentesterLab (paid, but some free labs are available).
Go to the WebSecurity Academy

Burp Suite Community

The Community Edition of Burp Suite has some limitations, but is nonetheless a good starting point. Don't miss its great documentation.

Download the Community Edition