0: Getting Started with Burp Suite - Gin and Juice Shop (Portswigger)
- Published 5 Jul 2024
- Intro / setup for a new web pentesting series (ft. a Burp Suite crash course). Episode 1 of hacking the Gin and Juice Shop, an intentionally vulnerable web application developed by Portswigger. The website was created primarily to demonstrate the features of the Burp Suite Pro vulnerability scanner. However, throughout the series we will leverage Burp Suite (and other tools) to exploit the high, medium, low and informational issues identified by the scanner. Hopefully these videos will be useful for aspiring bug bounty hunters, security researchers, pentesters, CTF players etc. 🙂 #BugBounty #EthicalHacking #PenTesting #AppSec #WebSec #InfoSec #OffSec
↢Social Media↣
Twitter: / _cryptocat
GitHub: github.com/Crypto-Cat/CTF
HackTheBox: app.hackthebox.eu/profile/11897
LinkedIn: / cryptocat
Reddit: / _cryptocat23
TH-cam: / cryptocat23
Twitch: / cryptocat23
↢Portswigger: Gin and Juice Shop↣
ginandjuice.shop
portswigger.net/blog/gin-and-...
portswigger.net/burp/vulnerab...
portswigger.net/web-security
↢Resources↣
Ghidra: ghidra-sre.org/CheatSheet.html
Volatility: github.com/volatilityfoundati...
PwnTools: github.com/Gallopsled/pwntool...
CyberChef: gchq.github.io/CyberChef
DCode: www.dcode.fr/en
HackTricks: book.hacktricks.xyz/pentestin...
CTF Tools: github.com/apsdehal/awesome-ctf
Forensics: cugu.github.io/awesome-forensics
Decompile Code: www.decompiler.com
Run Code: tio.run
↢Chapters↣
0:00 Intro
0:33 Gin & Juice Shop
0:53 Burp Suite Crash Course (~5 mins)
1:06 Burp: What is it?
1:18 Burp: Setup/FoxyProxy
2:00 Burp: Interceptor
2:25 Burp: HTTP History
2:37 Burp: Repeater
3:31 Burp: Intruder
4:29 Burp: Sequencer
4:45 Burp: Collaborator
5:08 Burp: Decoder
5:15 Burp: Comparer
5:18 Burp: Logger
5:23 Burp: Extensions
5:43 Burp: Site map (target)
5:53 Burp: Spider (crawler)
6:00 Burp: Scanner
6:28 Burp: Scope
7:37 Burp: Crawl and Audit (authenticated)
9:42 Burp: Live audit (scoped)
10:51 Explore website functionality
11:18 Waiting for vulnerability scanner
11:40 Review scan results
12:35 Try to catch more issues
14:37 Generate report
15:39 Review high/med/low/info issues
16:58 Regenerate report
17:53 Conclusion
Category: Science & Technology
0:39 - Correction: single-use CSRF tokens are a feature of the site, not a vuln!
3 weeks ago!
@SloppyJoePirates Time travel!! 😅 I was planning to hold off on the first video release until I could get a few episodes recorded + edited.. It did not happen lol. I do have the next 2 recorded at least, just got some editing to do 🙂
mandatory comment for the algo!
🙏🙏🙏
please if possible try solving bi0sctf 2024 challs and make a video on it