Plausible Trout
Joined 4 Mar 2016
Information security stuff
Automated Web Testing with Burp Suite Pro
A quick guide for beginners on using Burp Suite Pro to do only automated testing of web apps. Burp can do a whole lot more, but the Scanner module is very capable and often finds issues the "big guys" miss.
Views: 144 062
Can we please get an updated video with the new Burp Suite Pro?
Video needs an update to Burp Suite Professional v2021.4.2
Awesome. How do I exploit the highlighted vulnerabilities to check for false positives? Thanks
Hi, I am Scarlett from A3logics. I want to collaborate over UA-cam. Please share your email so I can share the exact details.
Great video, sir! It is very helpful.
Wonderful session. You have clarified most of my queries. Thanks
Thanks a lot. I learnt more.
Cool video, thank you for this, it's really helpful.
He is using the Burp Suite tool in Kali Linux.
Excellent video, but why don't you use Kali Linux?
The music is very irritating and distracting :(
Ja na lawde
I've been using nmap, hydra, medusa, metasploit etc. on Kali, but just found Burp Suite out of curiosity.
@Adrian Dostoevsky LOL
I don't have the Scanner and Spider tabs.
I set up Burp Suite on my Firefox and did all the proxy settings, but after I use the proxy my internet does not work. If my internet does not work, no website will load :(
If the interceptor is on, you should forward the request for the website to load.
@shackyt oh yeah, it works, thanks
Install Burp plugins in your b
EP0# Installing and Setup Burpsuite pro v2.0.11 for Hacking @
A bit rusty, I hadn't used Burp Pro for a few years... Nice video, clean explanations, no annoying music and sounds, exactly what I needed to get back into it. I see you're using the non-beta version... What do you think of version 2? Cheers.
Thanks !
Great video 😇😇😇😇
He is copying your video "ua-cam.com/video/bAhTyCm8j2c/v-deo.html"
Thanks very much for letting me know!
Great video dude! Really clear
Thanks
I love the dub techno in the background :p
Good job, sir.
Awesome video, many thanks.
Plausible Trout - Very nice video! I have a question... I noticed you did not cover using the "Content Discovery" function. Do you feel that it is unnecessary to use that function since we're already using the Spidering function? Thanks
I use it but I've never had much success with the content discovery feature. Takes forever and never seems to find the usual suspects. I get better results just using Burp Intruder with lists from FuzzDB DirBuster. There's also GoBuster tools.kali.org/web-applications/gobuster
Good. Can I add your Skype?
Turns out that proxy selector was malware..... It was taken down by www.reasoncoresecurity.com/proxyselectormozilla.org.xpi-64de3cab5deb0bb99d3f35da04a3e234d293c7a2.aspx
I've switched to FoxyProxy Standard. addons.mozilla.org/en-US/firefox/addon/foxyproxy-standard/
Here I just collect my bookmarks. Either use them or just ignore them: 7:55 scope 9:23 scanner 10:48 options 13:43 spider 15:45 proxy 21:15 scanner 23:09 site map 24:56 site map subfunctions like crawl site again 27:47 scan queue 33:15 report 36:14 save session 37:24 Web Hacker's Handbook
Thanks for the video. It is pretty good. I'm trying to do an authenticated scan. Do you have any suggestions or steps to do that?
Just manually browse the application with Scanner running and login. One thing to watch for: look in the Proxy History after you login to see what cookie the application uses to store the session ID (you should see a cookie being set in the Cookies column). Whatever it is, make sure the cookie name is listed in Scanner > Options > Skip server-side injections or Scanner will get logged out. Burp defaults have the most common session cookies listed (jsessionid for Java apps, PHPSESSID for PHP, etc.) but some apps use custom ones.
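To make the check in the reply above concrete, here is an added example (not code from the video or from the commenter) that does the "look in the Proxy History for the session cookie" step offline: it parses Set-Cookie headers out of raw HTTP responses, separates names that Burp is assumed to skip already from custom ones that belong in Scanner > Options > Skip server-side injections, and reports session cookies missing HttpOnly or Secure as a finding. The sample responses are constructed, and the `DEFAULT_SKIPPED` set is an assumption built from the two names the reply mentions plus two common ones; check it against your own Scanner options.

```python
"""Classify session cookies seen in HTTP responses (added example, constructed data)."""
import re

# Names the reply says Burp skips by default (jsessionid, PHPSESSID), extended with
# two common ones as an assumption; verify against your own Scanner > Options list.
DEFAULT_SKIPPED = {"jsessionid", "phpsessid", "asp.net_sessionid", "cfid"}

# Name fragments that usually indicate a session or authentication token.
SESSION_HINTS = ("sess", "sid", "token", "auth", "login")


def parse_set_cookies(raw_response):
    """Return [(name, value, {attribute_lowercase, ...}), ...] for each Set-Cookie
    header in one raw HTTP response. Only the header block is inspected."""
    headers = raw_response.split("\r\n\r\n", 1)[0]
    cookies = []
    for line in headers.splitlines():
        if not line.lower().startswith("set-cookie:"):
            continue
        parts = [p.strip() for p in line.split(":", 1)[1].split(";")]
        if "=" not in parts[0]:
            continue
        name, value = parts[0].split("=", 1)
        attrs = {p.split("=", 1)[0].lower() for p in parts[1:] if p}
        cookies.append((name, value, attrs))
    return cookies


def looks_like_session(name, value):
    """Heuristic: a session-ish name, or a long opaque value (16+ token characters)."""
    lname = name.lower()
    if any(hint in lname for hint in SESSION_HINTS):
        return True
    return len(value) >= 16 and re.fullmatch(r"[A-Za-z0-9_\-=.%]+", value) is not None


def review_session_cookies(responses):
    """Classify session-like cookies across many responses.

    already_skipped  : names assumed to be in Burp's default skip list
    add_to_skip_list : custom session cookies to add so Scanner does not log itself out
    missing_flags    : (cookie, missing attribute) pairs to report as findings
    """
    result = {"already_skipped": set(), "add_to_skip_list": set(), "missing_flags": []}
    for raw in responses:
        for name, value, attrs in parse_set_cookies(raw):
            if not looks_like_session(name, value):
                continue
            if name.lower() in DEFAULT_SKIPPED:
                result["already_skipped"].add(name)
            else:
                result["add_to_skip_list"].add(name)
            for flag in ("httponly", "secure"):
                if flag not in attrs:
                    result["missing_flags"].append((name, flag))
    return result


# Constructed responses standing in for entries copied from Burp's Proxy History.
SAMPLE_RESPONSES = [
    "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
    "Set-Cookie: PHPSESSID=9f4c2e7b1a3d5e6f7a8b9c0d1e2f3a4b; Path=/; HttpOnly; Secure\r\n"
    "Set-Cookie: lang=en; Path=/\r\n\r\n<html>...</html>",
    "HTTP/1.1 302 Found\r\nLocation: /home\r\n"
    "Set-Cookie: appsid=Zm9vYmFyYmF6cXV4MTIzNDU2; Path=/; HttpOnly\r\n\r\n",
    "HTTP/1.1 200 OK\r\nSet-Cookie: tracking=abc; Path=/\r\n\r\n",
]

if __name__ == "__main__":
    report = review_session_cookies(SAMPLE_RESPONSES)
    print("Already skipped by default:", sorted(report["already_skipped"]))
    print("Add to Skip server-side injections:", sorted(report["add_to_skip_list"]))
    for cookie, flag in report["missing_flags"]:
        print(f"Finding: session cookie {cookie} lacks the {flag} attribute")
```

On the constructed data the custom `appsid` cookie is the one to add to the skip list, and it is also reported for lacking the Secure attribute; `lang` and `tracking` are ignored because neither the name nor the value looks like a session token.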
You're awesome, and thanks so much for putting this into scope for a noob!!!!
I don't know why you got 7 dislikes, such a good video.
Very nice walkthrough! I learned a great deal. I do have a question about a particular example you went over: when you tested the POST to "Sign Up!" at 20:49 but the passwords didn't match up, is there a case where that may actually be important to pass those JS checks in order to thoroughly test? I'm guessing Burp caught the POST for all of that data, so it can go back and test again, and will likely use its own data, whereby it would use the same passwords and pass a 'match comparison' check. But if not, isn't it possible that the app could potentially have some other action based on that JS validation which you wouldn't otherwise experience if you proceeded with dissimilar pwds? Thanks again for a fantastic video!
This was extremely helpful. Thank you for your time.
What is the price for this?
Spy Szs $349
Hey Plausible Trout. Great video with narration. Any more upcoming videos?
nice video sir
Great stuff...
Can I get the scan option in Burp Free?
No. That is the difference between the Free and Professional versions. The Free version has all the Burp features except Scanner. That is explained in the beginning of the video.
There are some other restrictions as well; for example, the Intruder option has time limits for fuzzing. So you can try the feature, but you can't do big lists or it would take forever.
Is there a step-by-step procedure for how to find/locate Burp Collaborator and use it for XXE? Please help