Even when I am not finished with this video I put comment to give this great guide more chance to get into algorithm
Glad you liked it!
Awesome, not one of the thousand "basic" videos, but one with actual content!
100% There's plenty of videos that are created by beginners for beginners, but not many for those who work in the field. I try to introduce people into pentesting and network security from a senior's perspective.
Thank you very much, I was going to start this topic and decided, and my stop over was the best moment. I am very grateful for all your effort to teach for free, and with work related examples.
really useful, highly comprehensive and detailed guide, lots of details not viewed in other guides. I do recommend it
This Video is Straight Forward to anyone who is beginning their pentesting journey, I recommend it! No blabla, no much talking, just straight to the point.
Very informative stuff structured in an interesting way. Hoping to learn much more from the content.
Dope tutorial! Explained well and easy to understand, more of BurpSuite tutorials please!
Insanely helpful! Beats any other tutorial I've seen in almost any other skill. Will watch more of your videos now!
Excellent video. Definitely one of the best that I've seen. You showed how to quickly make use of Burp Suite with great examples. After watching your video I was able to quickly get up and running. And I learned a bunch of new things such as how to use Intruder and Repeater! Looking forward to watching more of your content. Thank you
One of the best pen testing tool tutorials on YT!
seriously the best pen testing tutorial of any kind I've seen yet, I'm a beginner and know next to nothing about this stuff, but man this was simple and amazing
Man, it is an absolutely amazing and, most importantly, informative video. I love it so much. I try to get into Burp. As you said earlier, most Burp videos are in man or PDF format :( Thanks to you, I learned something new and would love it if you have a series of Burp or even paid courses. Thank you so much, can't wait for more.
Excellent - concise, well explained. And worth the time. Please keep it up.
Man this tutorial rocks! I just started my journey with cyber security (I have frontend and backend background) and I very much appreciate that besides explaining how Burp works you are providing very useful info about whole pentesting and finding out the vulnerabilities. Now I am more aware how important checking requests and sending safe responses is.
I'm glad this helped! That's exactly what I wish I had when I first started, so I'm making videos like these now.
@NetsecExplained great bro! I will be watching. Your teaching style is very good. Thanks
Hello bro, This is the Best video on Burp Suite I have seen so far, well constructed and straight to the point, while showing the usage of tools practically, this video tops all man, thanks for uploading, already subscribed, going to share it in my community so other beginners can learn burp too.
Glad you liked it!
This is honestly so helpful. I'm really surprised you're not bigger than you are on UA-cam.. I love your process of looking at the HTTP history, the highlighting, using the decoder/encoder, everything is so useful. I used to entirely dismiss the HTTP history because of all the ad/analytics requests that flood it and focus solely on interception... not anymore. And another mistake I was making was constantly switching my proxy on/off just to search up various encoders/decoders. Thanks so much.
Glad you found it useful. That process works for CTFs but not on real-world pentests.
23:25 probably one of the best intro Burp Suites out there thank you for your video
Thank you!
I have some experience with web development but I never used Burp Suite and needed it to start doing Port Swigger Web Security Academy to learn Web pentesting.
I found this video and it was very good! It went smoothly all the way so now I have good basics to continue to learn Burp Suite and web pentest.
Thank you and congrats for this superb video!
Man...this is the first video that was able to teach me this software. Even a course did not made the trick. Thank you sir for your efforts!
Glad it helped! That's how I feel about most tutorials, they tend to sound like manuals instead of how the software is used in practice. I'll make more of these for sure.
Keep up the great work. This is what I've been looking for! Favorite channel!!
Thank you for the kind words!
My first Burp Suite tutorial and I'm so grateful. Thank you.
You're so welcome!
me too
Excellent video. The highlighting using colors is awesome. You have an excellent way of explaining things. This is the best burpsuite video I have ever watched. I subscribed and liked. Keep up the good work.
Thank you so much!
That was so nice, informative and relaxing thanks brother !
This is awesome and I can't wait to watch your full pentest methodology! Hats up.
I'm so glad I came across your video. It prepared me for a job interview. Thank you so much!
Beautiful, Congratulations Netsec, I have watched a lot of sec videos and this is very useful
this was a great video, very helpful to troubleshoot API+UI integration. Subscribed!
super best best pentest using burp suite I've seen, seriously if you open the class, definitely I'll register.
+1
Excellent video Netsec Explained! Very detailed so we'll reference this video when we have questions about some Pentesting How Tos. Thank You for putting this out there!
Thanks for the neat and simple Burp Suite explanation, great job!
Awesome video, watched countless videos showing features but never really explaining why you do it. Will follow and see your following videos!
Awesome, thank you!
This is great! You should keep doing this and help us ❤
Subscribed to you to see more content like this, best of luck man!
Haven't finished the video but so far I like it, earlier today I heard some pentesters/bug bounty hunters use Burp as their only tool and are still very successful and I wanted to see how. This video's very good, I like the way you explain things.
Glad it was helpful.
As someone trying to leverage my knowledge from studying for the ccna into my plan to get into cyber security this video was super helpful in demonstrating some points of attack and possible uses for burp, thank you!
I love it! CCNA is how I got started as well. Not many skills transfer, but understanding some of the network background definitely helps as you progress through your journey.
I just started my journey as a Blue Sec champion and this tool is incredibly useful. I'm just stunned to see what the CE offers already. Nice video by the way. There is stuff that I didn't know that definitely gives a smoother experience while doing reconnaissance.
Absolutely! It will also help you to see how things look from an attacker's perspective and a developer's perspective too.
This was an excellent video. It was informative, well structured and presented in a manner that keeps me interested.
You speak in a manner that is comfortable for me to listen to.
You keep a good pace as you present the information which includes occasionally making short pauses.
The presentation had a good structure and you speak with intent, which makes it easy to maintain my attention.
You keep filler words to a minimum. Words such as 'um', 'like' and other abominations such as those words.
Please keep up the good work, sir! 🎉
Fantastic feedback, thank you so much!
damn that was really helpful, only video on youtube which talks in depth about Burp Suite and that too very well
Thank you for a FANTASTIC overview of Burp Suite!
Well done. easy to understand and straight to the point.
It is really good tutorial thank you. I will also be happy to fully understand what it is like to see a full steps in pentesting and I will wait with anticipation. Thank you again. Subscribing and liking the video.
first 30 seconds and I can guess that its going to be a good tutorial, auto subscribed my dude.
Love the feedback! Thank you.
great video! very helpful. I'm very green with burpsuite and this video helps me feel more comfortable with using it
This really helped me understand some things about burpe...🤝Thanks mahn!
Thank you very much, the explanation you have given is very helpful for me in learning the Burpsuite tool👍👍👍
Glad it was helpful!
I see I'm not the only one on here with the same thoughts, but wanted to bring a comment (subscribe and liked this video as well) because of how well this was done!! I'm honestly super shocked, someone made a video, got to the meat and potatoes very quickly, provides awesome content, shows you where everything is to follow along, then allows the PERFECT amount of time to complete the follow along portion and be ready for the next block. Truly great job and thank you so much for not being like the rest of YT.
This is the most amazing thing I could have read today. Thank you so much!
Great tutorial! I enjoyed it and understood everything
I subscribed to the channel just because you asked so nicely.
and because I want to know more about burp
Great Video. Best tutorial for beginners
The best web application pen testing training video for beginner in UA-cam. This is a huge help for my exam ahead. Would be possible to get one on one training, please? Thank you :)
7:14 tip: burp added a feature where you can group repeater tabs into folders, it's so helpful for organizing
I didn't know that, thanks for letting me know. That would save me from the 50+ tabs I typically make haha
When first opening burp I was completely overwhelmed. With the help of this tutorial it feels more approachable
This is simply magnificent ✨
very good content. I used Burp Suite doing CTF walkthroughs but didn't understand what it was actually doing and had to assume what it was doing, but I can actually say I understand some of it
This is a great video man.
So precise and professional. Thanks bro!!
This one goes a long way, thank you for this video.
I'm glad it was helpful!
Thank you. Very practical application of Burp Suite
Thanks. That was a very good tutorial
Watched 22 min and gave a thumbs up!
Really enjoy seeing your video with proper timestamp, good explanation which is easy to understand and proper web methodology such as application mapping where I don't see much other tutorial talk about it. Burp colouring, tab renaming, show highlighted items, many more tips. Truly appreciate your effort. Can't wait to see the next video.
Quick question, why did you disable payload encoding?
That's a good question. It turns out that payload encoding automatically URL encodes your input. This isn't so much of a problem when you're doing numbers or simple strings, but if you're fuzzing email addresses or API endpoints, it can really mess up your results. It's bitten me in the butt enough times that I always turn it off.
Great video ... Subscribed! .... Were you able to create the pen test? If yes, please share the link 🤓😍 Thank you
amazing video! I learned a lot!
Very helpful video, thank you so much
Smooth and Very good tutorial.
Love it. Great job on this video
Thank you!
Best of the best! If it's possible pls make full course video about burp)
Awesome explanation 👍
Thanks for the video man, really appreciate it.
Great & Real Content.
Really useful hope to see more videos like this
Glad you liked it!
Such an amazing video thank you!
Awesome work sir , need more content on web app security
Great video, thank you. I see video was posted 8 months back, is that still the case that we can't generate targeted report with req/resp and explanation of vulnerability that can be shared with dev team?
Online about 2 seconds into the video and I must TYANjust like to say thank you so much for being what you say you are and given what you said you advertise and having your video completely in English! None of this English title bullshit with some language with no subtitles that I have no earthly idea of what's being said! So thank you so much just at least for that
You did a good job, keep it up
♥️👌👌👌🎉. Excellent, very useful. I really liked the voice over. Can you please tell me how and where did you do that voice over settings for smooth and loud voice. Is there any link, please send me. Very helpful video 🎉🎉. Thank you 🌟
It's just my voice honestly. You can play with equalizer settings in Audacity if you really want to. There are tons of tutorials online.
great video. Very informative.
Great video! it was pretty quick and covered a ton of useful stuff about Burp. You earned a sub.
Now, How about one focusing on testing APIs?
Great idea! I'll do that soon.
This was an amazing video, loved the concepts explained with the help of examples rather than a basic tutorial. Hey, I am learning cyber security from basics, would you recommend a specific path or is there a way I can contact you for guidance?
Depends on what you want to do. I recommend learning the basics and getting a strong foundation. Security+ is an OK place to start, Cisco has their Cyberops certification that I also highly recommend. Then decide if you want to do red team, blue team, forensics, GRC, etc. For blue team, blue team labs has decent training. For pentesting, I'd start with web apps and Portswigger Academy has good (free!) material. If you're not sure what to do, try them both.
keep going man please do a tutorials of web bugs such as IDOR , XSS etc..
i love YOU ...
Sure thing! I plan on redoing my Web Hacker Basics walkthroughs with better quality and more up to date information down the line, since those have been super popular. In the mean time, check them out on my channel.
@NetsecExplained perfect !!!
Hey, Excellent tutorial. Just wondering, How much memory is enough to run burp so that it doesn't crash? 24:11
I run my VMs with 4GB minimum, but Burp dynamically adjusts. Honestly, JS heavy apps will crash it if they're not optimized websites. So get a laptop with 16GB and you'll be good.
If you want to learn how to use "Burp" then you should not watch this video. Do not waste your time. much more information can be read in 5 minutes in the text instructions. all the examples given in the lecture will never come across you in real life, and the principles they reveal can be written down in several paragraphs of text on one page of a small notebook. this guy is very good at teaching you but he has big problems with the content of the lesson. This reminded me of the lesson "How to draw a raccoon in 3 steps." step one: draw a line. step two: draw another line. step three: add a raccoon to them. Done. Only in this video you will only be taught to draw lines and straight ones. This criticism is written with respect to the creator of the video and his work
I agree, this video isn't for beginners who have not used Burp before. This video is aimed at those who have used Burp but want a better understanding on how professionals use the tool on real-world engagements, beyond what the manual will tell you. I walk through the thought process and methodology and where Burp fits every step of the way.
@NetsecExplained why not add in the title then "not for complete beginners"
good video. well explained
Thank You very much 🎉🎉🎉🎉🎉🎉
thanks a lot for this course
I'm confused, I did really do anything then the site just said I did all these things. I just clicked a few different things and studied the responses that came back
Has this happened to anyone else
Can you please help in the HW, I made the intercept request of product id 38 but it's not coming
Why ?
Please make the full video you've promised I love this
Will do. I'll put it together as a whole class, that way I can go over everything start to finish.
@NetsecExplained Thanks bro
@NetsecExplained Would love to see your full pentest methodology
@NetsecExplained please make this a course in Udemy, I'll gladly buy it
Awesome content, bro! Just wondering, when can we expect the full pentesting methodology video? It's been about 10 months now
I'm putting the course together. Since it will be everything that I know about pentesting, I won't be able to release it for free on UA-cam.
Very informative video.
It's awesome, is there any way to donate so we can get more tutorials like this
Glad you liked it! Not quite yet, I'm balancing videos with a full time job at a high-paced startup. When I get to a point I can release more regularly, then I will absolutely pour more time into them. For now, give me ideas on topics.
20:18 how did you know it was base64 encoded? what gave it away? i know usually when it ends in == that's base64 encoding, but how did you know this one is? is it because it's a JWT token?
Good question! You will develop an intuition over time as to what looks like a Base64 string vs not. However, in this instance we can see the letters "eyJ" which translates to {" from Base64. That usually indicates the start of a JWT. Try repeating what I did here on your own and see if you notice the connection.
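The "eyJ" observation in the reply above, as an added Python example (not code from the video or its author): it decodes the two leading segments of a JWT-shaped string and shows why no trailing "==" appears. The sample token is constructed here with a placeholder signature, and the function names are illustrative.

```python
import base64
import json


def b64url_encode(raw: bytes) -> str:
    """Base64url-encode and strip '=' padding, the way JWT segments are written."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def b64url_decode(segment: str) -> bytes:
    """Decode one unpadded Base64url segment by restoring the stripped padding."""
    padded = segment + "=" * (-len(segment) % 4)
    return base64.b64decode(padded, altchars=b"-_", validate=True)


def build_sample_token() -> str:
    """Constructed sample: genuine header/payload encoding, placeholder signature."""
    header = json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":"))
    payload = json.dumps({"user": "demo"}, separators=(",", ":"))
    signature = b64url_encode(b"placeholder-not-a-real-signature")
    return ".".join(
        [b64url_encode(header.encode()), b64url_encode(payload.encode()), signature]
    )


def inspect_token(value: str):
    """Return the decoded header and payload if value is shaped like a JWT, else None.

    This only decodes for inspection; it does not verify the signature.
    """
    parts = value.split(".")
    if len(parts) != 3:
        return None
    try:
        header = json.loads(b64url_decode(parts[0]))
        payload = json.loads(b64url_decode(parts[1]))
    except ValueError:  # invalid Base64, invalid UTF-8 or invalid JSON
        return None
    if not isinstance(header, dict) or not isinstance(payload, dict):
        return None
    return {"header": header, "payload": payload}


if __name__ == "__main__":
    # The bytes '{"' followed by an ASCII letter always encode to 'eyJ',
    # which is why a JSON object with a string key starts that way.
    print(b64url_encode(b'{"a'))
    token = build_sample_token()
    print(token)
    print(inspect_token(token))
    print(inspect_token("not.a.jwt"))
```

Because the padding is stripped, the absence of "=" says nothing about whether a value is Base64; the three dot-separated segments and the "eyJ" prefix are the more reliable hints.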
Great video. Thanks!
Excellent video
Great video!
We need the extended version of this
Great work!
Is there any way to get the new username when it's changed, I only got the old username
I have a question my man. First of all thank you for that tutorial. My question is I try to set up proxy for Firefox but although that I download the CA certificate my Firefox have been giving security alert for any kind of https site. If I just use default Chrome that is exist in Burp Suite than Firefox. is this happen a problem? Sorry for my bad English. Thanks.
You should be good with the Chrome browser. Though external browsers are more convenient, Chrome is enough. I am using the professional version and don't mind using the built-in browser.
You should be able to get Burp to work with Firefox with a little bit of configuration and it shouldn't impact your security. If you're still having problems, check the Burp documentation for Firefox proxy setup instructions.
Simply Awesome!