Burp 201 - Maximizing Burp

This is the second in a series of 3 sessions on Burp Suite. In this session we’ll talk about how you can use some advanced features of Burp to make your life easier and find better bugs.

What you’ll learn

  • Using Intruder
    • Types of attacks
    • Discovering and exploiting indirect object references
    • Automatically extracting data
    • Finding valid usernames
    • Exploiting blind SQLi
  • Using Scanner
    • Actively scanning pages of interest
    • Triaging findings
    • Customization
  • Searching Burp history
  • Advanced Proxy functionality
    • CSRF proof of concept generation
    • Invisible proxying
    • Client-side certificates
