Burp Suite 101 - Online Sync Meetup by CyberForge Academy Mohali

•

0 likes•45 views

cyberforgeacademy

Learn how to use Burp Suite functionalities to pentest a WebApp

Technology

● Software Engineer & Researcher at CyberForge Academy
● Final year, B. Tech. CSE @ LPU
● Engaged in Research, Creating course content/setups
● Developing SaaS software and open source tools
● Interned with Web3verse Academy, a Singapore-based startup focused on
Web3 education and Namekart, a domain name brokerage ﬁrm.
● Interested in Art and craft 🎨
$ whoami

Table of contents
01
04
02
05
03
06
Introduction Why Burp
Suite
Burp Proxy
Burp Intruder Burp Spider &
Repeater
Burp Scanner

● Suite of security testing tools
● Used for penetration testing on Web Apps.
● Developed by PortSwigger
● Both Free and paid version
● Cross-platform (Windows/Linux/MacOS)
● Suite includes tools such as :
○ Burp Proxy
○ Burp Spider
○ Burp Intruder
○ Burp Scanner
○ Burp Repeater
What is Burp Suite ?

Why Burp Suite?
● Comprehensive Testing Suite
● Identify Vulnerabilities
Example: Discovering XSS ﬂaws by analyzing HTTP responses.
● Customizable Testing
Example: Using Burp Intruder for tailored security assessments.
● Real-Time Monitoring
Example: Intercepting and modifying HTTP requests with Burp Proxy.

Link : https://portswigger.net/burp/communitydownload

● Intercepting proxy tool utilized for various security testing
● Intercepting and analyzing HTTP/S requests and responses.
● Modifying requests and responses to test application behavior.
● Logs HTTP trafﬁc for reviewing, tracking changes, and identifying web
app issues.
● Options-Forward Request , Drop Request , Edit Request
1. Burp Proxy

● Dynamic request modiﬁcation for HTTP testing
● Automation of attack scenarios like brute-force and
fuzzing
● Customizable payloads for tailored attacks
● Advanced analysis and reporting for efﬁcient
vulnerability identiﬁcation
2. Burp Intruder

● Automated web application crawler.
● Maps out application structure and discovers URLs and parameters.
● Passive Crawling: Observes trafﬁc ﬂow within Burp Suite to identify
URLs and parameters.
● Active Crawling: Actively sends requests to the target application to
explore and discover new URLs and parameters.
3. Burp Spider

Source: Burp Suite Professional
Web Vulnerability Scanner |
E-SPIN Group (e-spincorp.com)

● For Manually modifying and replaying HTTP
requests.
● To review individual requests and analyze
application responses.
● Modify parameters, headers, and payloads to test
application behavior.
4. Burp Repeater

● Automated web vulnerability scanner.
● Identiﬁes security ﬂaws in web applications.
● Two key Phases:
○ Audit: Identiﬁes vulnerabilities in web applications.
○ Crawl: Maps application structure and discovers endpoints.
● Features include vulnerability detection ,customizable scanning
options, scan scheduling, reporting, and scan feedback.
5. Burp Scanner

Source: Finland Blames Chinese Hacking Group APT31 for Parliament Cyber Attack
(thehackernews.com)

Source : Millions of hotel doors vulnerable to attack, researchers find | Cybernews

Source : Recent ‘MFA Bombing’ Attacks Targeting Apple Users – Krebs on Security

CREDITS: This presentation template was created by Slidesgo, and includes icons by Flaticon, and infographics & images by Freepik
Thanks!
Do you have any questions?
contact@cyberforge.academy
+91 8837537763
https://cyberforge.academy
https://github.com/CyberForgeAcademy/Workshops

Similar to Burp Suite 101 - Online Sync Meetup by CyberForge Academy Mohali

Burpsuite yara

Rinaldi Rampen

Burpsuite yara

Rinaldi Rampen

Web Application Security: Introduction to common classes of security flaws an...

Thoughtworks

Tw noche geek quito webappsec

Thoughtworks

Web Application Security: Introduction to common classes of security flaws an...

Thoughtworks

Tw noche geek quito webappsec

Thoughtworks

BSides Rochester 2018: Drew Kirkpatrick: Open Source SAST and DAST Tools for ...

JosephTesta9

BSides Rochester 2018: Drew Kirkpatrick: Open Source SAST and DAST Tools for ...

JosephTesta9

Bb world2014 powerpoint_security-automation-at-blackboard_saltzman_matthew_bb

Matthew Saltzman

Bb world2014 powerpoint_security-automation-at-blackboard_saltzman_matthew_bb

Matthew Saltzman

Computer security

Mohamed Abdo

Computer security

Mohamed Abdo

CSCAMP2013 - Introduction to pwnCore

Anwar Mohamed

CSCAMP2013 - Introduction to pwnCore

Anwar Mohamed

Splunk for Security: Background & Customer Case Study

Andrew Gerber

Splunk for Security: Background & Customer Case Study

Andrew Gerber

Burpsuite 101

n|u - The Open Security Community

Burpsuite 101

n|u - The Open Security Community

When performing security assessments or participating in bug bounties, there is generally a methodology you follow when assessing source-code or performing dynamic analysis. This involves using tools, reviewing results and understanding what you should be testing for. Reviewing modern web applications can be quite challenging, and this talk will go into details on how we can automate the boring (but necessary parts) and how to set a roadmap of what should be focused on when dealing with modern JavaScript applications.

Manual JavaScript Analysis Is A Bug

Lewis Ardern

Manual JavaScript Analysis Is A Bug

Lewis Ardern

Similar to Burp Suite 101 - Online Sync Meetup by CyberForge Academy Mohali (20)

Burpsuite yara

Web Application Security: Introduction to common classes of security flaws an...

Tw noche geek quito webappsec

Web Application Security: Introduction to common classes of security flaws an...

Tw noche geek quito webappsec

BSides Rochester 2018: Drew Kirkpatrick: Open Source SAST and DAST Tools for ...

Bb world2014 powerpoint_security-automation-at-blackboard_saltzman_matthew_bb

Computer security

CSCAMP2013 - Introduction to pwnCore

Splunk for Security: Background & Customer Case Study

Burpsuite 101

Manual JavaScript Analysis Is A Bug

Recently uploaded

"I see eyes in my soup": How Delivery Hero implemented the safety system for ...

Zilliz

Axa Assurance Maroc - Insurer Innovation Award 2024

The Digital Insurer

EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER

MadyBayot

AXA XL - Insurer Innovation Award Americas 2024

The Digital Insurer

Effective data discovery is crucial for maintaining compliance and mitigating risks in today's rapidly evolving privacy landscape. However, traditional manual approaches often struggle to keep pace with the growing volume and complexity of data. Join us for an insightful webinar where industry leaders from TrustArc and Privya will share their expertise on leveraging AI-powered solutions to revolutionize data discovery. You'll learn how to: - Effortlessly maintain a comprehensive, up-to-date data inventory - Harness code scanning insights to gain complete visibility into data flows leveraging the advantages of code scanning over DB scanning - Simplify compliance by leveraging Privya's integration with TrustArc - Implement proven strategies to mitigate third-party risks Our panel of experts will discuss real-world case studies and share practical strategies for overcoming common data discovery challenges. They'll also explore the latest trends and innovations in AI-driven data management, and how these technologies can help organizations stay ahead of the curve in an ever-changing privacy landscape.

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery

TrustArc

This presentations targets students or working professionals. You may know Google for search, YouTube, Android, Chrome, and Gmail, but did you know Google has many developer tools, platforms & APIs? This comprehensive yet still high-level overview outlines the most impactful tools for where to run your code, store & analyze your data. It will also inspire you as to what's possible. This talk is 50 minutes in length.

Powerful Google developer tools for immediate impact! (2023-24 C)

wesley chun

2024: Domino Containers - The Next Step. News from the Domino Container commu...

Martijn de Jong

Modernizing Securities Finance: The cloud-native prime brokerage platform transforming capital markets. Madhu Subbu, Managing Director, Head of Securities Finance Engineering Apidays Singapore 2024: Connecting Customers, Business and Technology (April 17 & 18, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu

apidays

GenAI Risks & Security Meetup 01052024.pdf

lior mazor

MySQL Webinar, presented on the 25th of April, 2024. Summary: MySQL solutions enable the deployment of diverse Database Architectures tailored to specific needs, including High Availability, Disaster Recovery, and Read Scale-Out. With MySQL Shell's AdminAPI, administrators can seamlessly set up, manage, and monitor these solutions, ensuring efficiency and ease of use in their administration. MySQL Router, on the other hand, provides transparent routing from the application traffic to the backend servers in the architectures, requiring minimal configuration. Completely built in-house and supported by Oracle, these solutions have been adopted by enterprises of all sizes for their business-critical applications. In this presentation, we'll delve into various database architecture solutions to help you choose the right one based on your business requirements. Focusing on technical details and the latest features to maximize the potential of these solutions.

Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...

Miguel Araújo

Scalable LLM APIs for AI and Generative AI Application Development Ettikan Karuppiah, Director/Technologist - NVIDIA Apidays Singapore 2024: Connecting Customers, Business and Technology (April 17 & 18, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...

apidays

Corporate and higher education. Two industries that, in the past, have had a clear divide with very little crossover. The difference in goals, learning styles and objectives paved the way for differing learning technologies platforms to evolve. Now, those stark lines are blurring as both sides are discovering they have content that’s relevant to the other. Join Tammy Rutherford as she walks through the pros and cons of corporate and higher ed collaborating. And the challenges of these different technology platforms working together for a brighter future.

Corporate and higher education May webinar.pptx

Rustici Software

Abhishek Deb(1), Mr Abdul Kalam(2) M. Des (UX) , School of Design, DIT University , Dehradun. This paper explores the future potential of AI-enabled smartphone processors, aiming to investigate the advancements, capabilities, and implications of integrating artificial intelligence (AI) into smartphone technology. The research study goals consist of evaluating the development of AI in mobile phone processors, analyzing the existing state as well as abilities of AI-enabled cpus determining future patterns as well as chances together with reviewing obstacles as well as factors to consider for more growth.

Exploring the Future Potential of AI-Enabled Smartphone Processors

debabhi2

DBX First Quarter 2024 Investor Presentation

Dropbox

Automating Google Workspace (GWS) & more with Apps Script

wesley chun

Join our latest Connector Corner webinar to discover how UiPath Integration Service revolutionizes API-centric automation in a 'Quote to Cash' process—and how that automation empowers businesses to accelerate revenue generation. A comprehensive demo will explore connecting systems, GenAI, and people, through powerful pre-built connectors designed to speed process cycle times. Speakers: James Dickson, Senior Software Engineer Charlie Greenberg, Host, Product Marketing Manager

Connector Corner: Accelerate revenue generation using UiPath API-centric busi...

DianaGray10

Boost Fertility New Invention Ups Success Rates.pdf

sudhanshuwaghmare1

As privacy and data protection regulations evolve rapidly, organizations operating in multiple jurisdictions face mounting challenges to ensure compliance and safeguard customer data. With state-specific privacy laws coming up in multiple states this year, it is essential to understand what their unique data protection regulations will require clearly. How will data privacy evolve in the US in 2024? How to stay compliant? Our panellists will guide you through the intricacies of these states' specific data privacy laws, clarifying complex legal frameworks and compliance requirements. This webinar will review: - The essential aspects of each state's privacy landscape and the latest updates - Common compliance challenges faced by organizations operating in multiple states and best practices to achieve regulatory adherence - Valuable insights into potential changes to existing regulations and prepare your organization for the evolving landscape

TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments

TrustArc

Building Digital Trust in a Digital Economy Veronica Tan, Director - Cyber Security Agency of Singapore Apidays Singapore 2024: Connecting Customers, Business and Technology (April 17 & 18, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...

apidays

In this session, we will delve into strategic approaches for optimizing knowledge management within Microsoft 365, amidst the evolving landscape of Copilot. From leveraging automatic metadata classification and permission governance with SharePoint Premium, to unlocking Viva Engage for the cultivation of knowledge and communities, you will gain actionable insights to bolster your organization's knowledge-sharing initiatives. In this session, we will also explore how to facilitate solutions to enable your employees to find answers and expertise within Microsoft 365. You will leave equipped with practical techniques and a deeper understanding of how there is more to effective knowledge management than just enabling Copilot, but building actual solutions to prepare the knowledge that Copilot and your employees can use.

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...

Drew Madelung

Recently uploaded (20)

"I see eyes in my soup": How Delivery Hero implemented the safety system for ...

Axa Assurance Maroc - Insurer Innovation Award 2024

EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER

AXA XL - Insurer Innovation Award Americas 2024

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery

Powerful Google developer tools for immediate impact! (2023-24 C)

2024: Domino Containers - The Next Step. News from the Domino Container commu...

Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu

GenAI Risks & Security Meetup 01052024.pdf

Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...

Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...

Corporate and higher education May webinar.pptx

Exploring the Future Potential of AI-Enabled Smartphone Processors

DBX First Quarter 2024 Investor Presentation

Automating Google Workspace (GWS) & more with Apps Script

Connector Corner: Accelerate revenue generation using UiPath API-centric busi...

Boost Fertility New Invention Ups Success Rates.pdf

TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments

Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...

Burp Suite 101 - Online Sync Meetup by CyberForge Academy Mohali

1. Burp Suite 101 What, Why and How

2. ● Software Engineer & Researcher at CyberForge Academy ● Final year, B. Tech. CSE @ LPU ● Engaged in Research, Creating course content/setups ● Developing SaaS software and open source tools ● Interned with Web3verse Academy, a Singapore-based startup focused on Web3 education and Namekart, a domain name brokerage ﬁrm. ● Interested in Art and craft 🎨 $ whoami

3. Table of contents 01 04 02 05 03 06 Introduction Why Burp Suite Burp Proxy Burp Intruder Burp Spider & Repeater Burp Scanner

4. ● Suite of security testing tools ● Used for penetration testing on Web Apps. ● Developed by PortSwigger ● Both Free and paid version ● Cross-platform (Windows/Linux/MacOS) ● Suite includes tools such as : ○ Burp Proxy ○ Burp Spider ○ Burp Intruder ○ Burp Scanner ○ Burp Repeater What is Burp Suite ?

5. Why Burp Suite? ● Comprehensive Testing Suite ● Identify Vulnerabilities Example: Discovering XSS ﬂaws by analyzing HTTP responses. ● Customizable Testing Example: Using Burp Intruder for tailored security assessments. ● Real-Time Monitoring Example: Intercepting and modifying HTTP requests with Burp Proxy.

6. Link : https://portswigger.net/burp/communitydownload

10.

11. ● Intercepting proxy tool utilized for various security testing ● Intercepting and analyzing HTTP/S requests and responses. ● Modifying requests and responses to test application behavior. ● Logs HTTP trafﬁc for reviewing, tracking changes, and identifying web app issues. ● Options-Forward Request , Drop Request , Edit Request 1. Burp Proxy

12.

13. Burp Proxy Setup & Intercept

14. ● Dynamic request modification for HTTP testing ● Automation of attack scenarios like brute-force and fuzzing ● Customizable payloads for tailored attacks ● Advanced analysis and reporting for efficient vulnerability identification 2. Burp Intruder

15.

16. Enumerating Username

17. ● Automated web application crawler. ● Maps out application structure and discovers URLs and parameters. ● Passive Crawling: Observes trafﬁc ﬂow within Burp Suite to identify URLs and parameters. ● Active Crawling: Actively sends requests to the target application to explore and discover new URLs and parameters. 3. Burp Spider

18. Source: Burp Suite Professional Web Vulnerability Scanner | E-SPIN Group (e-spincorp.com)

19. ● For Manually modifying and replaying HTTP requests. ● To review individual requests and analyze application responses. ● Modify parameters, headers, and payloads to test application behavior. 4. Burp Repeater

20.

21.

22. ● Automated web vulnerability scanner. ● Identifies security flaws in web applications. ● Two key Phases: ○ Audit: Identifies vulnerabilities in web applications. ○ Crawl: Maps application structure and discovers endpoints. ● Features include vulnerability detection ,customizable scanning options, scan scheduling, reporting, and scan feedback. 5. Burp Scanner

23. Source: Burp Suite Professional Web Vulnerability Scanner | E-SPIN Group (e-spincorp.com)

24. Cyber News

25. Source: Finland Blames Chinese Hacking Group APT31 for Parliament Cyber Attack (thehackernews.com)

26. Source : Millions of hotel doors vulnerable to attack, researchers find | Cybernews

27. Source : Recent ‘MFA Bombing’ Attacks Targeting Apple Users – Krebs on Security

28. CREDITS: This presentation template was created by Slidesgo, and includes icons by Flaticon, and infographics & images by Freepik Thanks! Do you have any questions? contact@cyberforge.academy +91 8837537763 https://cyberforge.academy https://github.com/CyberForgeAcademy/Workshops

Burp Suite 101 - Online Sync Meetup by CyberForge Academy Mohali

Recommended

Recommended

More Related Content

Similar to Burp Suite 101 - Online Sync Meetup by CyberForge Academy Mohali

Similar to Burp Suite 101 - Online Sync Meetup by CyberForge Academy Mohali (20)

Recently uploaded

Recently uploaded (20)

Burp Suite 101 - Online Sync Meetup by CyberForge Academy Mohali