I have been dabbling a little bit with Burp Suite.
As usual, for those interested there will be links at the end.
Burp Suite is a web application testing tool, and there are two versions:
A community edition, which is free.
A professional edition, which has a subscription payment model.
I used Burp Suite’s community edition and I feel it is a good starting point for learning web application testing.
In the academy, there are many courses for learning different subjects. These courses are called “paths” and they are divided into different skill levels: Apprentice, Practitioner and Expert.
I started out at the Apprentice level path “Server-side vulnerabilities”. I really enjoyed that path, and I fully recommend it as a solid starting point for beginners like me!
Each path is further broken down into Labs, a hands-on exercise to help learn a concept that was taught previously with some basic theory.
I will be sharing some pictures that are related to two Labs that I had completed. The pictures show the setups of these Labs.
Lab: Basic SSRF against the local server
Lab: Basic SSRF against another back-end system
Trying out Burp Suite was definitely a good experience. So far i have not proceeded into other paths, having only completed “Server-side vulnerabilities”, but i might try to advance further if I have the time.
Links:
Download: https://portswigger.net/burp/communitydownload
Server-side vulnerabilities: https://portswigger.net/web-security/learning-paths/server-side-vulnerabilities-apprentice
Other paths: https://portswigger.net/web-security/learning-paths