Web App Penetration Testing - #1 - Setting Up Burp Suite

Рет қаралды 481,767

6 жыл бұрын

Hey guys! HackerSploit here back again with another video, in this video series we will be learning web application penetration testing from beginner to advanced.
Burp or Burp Suite is a graphical tool for testing Web application security. The tool is written in Java and developed by PortSwigger Security.
I Hope you enjoy/enjoyed the video.
If you have any questions or suggestions feel free to ask them in the comments section or on my social networks.
🔗HackerSploit Website: hsploit.com/
➡️HackerSploit Android App: play.google.com/store/apps/de...
Support The Channel✔️
Pure VPN Affiliate Link:
PureVPN: billing.purevpn.com/aff.php?a...
Patreon: / hackersploit
➡️Get Our Courses✔️
📗 Get Our Courses at $10 Only!
The Complete Deep Web Course 2018:
www.udemy.com/the-complete-de...
✔️SOCIAL NETWORKS
-------------------------------
Facebook: / hackersploit
Instagram: / alexi_ahmed
Twitter: / hackersploit
Kik Username: HackerSploit
Patreon: / hackersploit
--------------------------------
Thanks for watching!
Благодаря за гледането
感谢您观看
Merci d'avoir regardé
Grazie per la visione
Gracias por ver
شكرا للمشاهدة
देखने के लिए धन्यवाद

Пікірлер: 264

@aviralwalia 6 жыл бұрын

Man, people like you are angels to the society..helping the students by providing free knowledge...good luck

@Akimboshorts77 5 жыл бұрын

Agree

@joemama-js6hv 5 жыл бұрын

why praise one for others' work? .-.

@dylee8998 5 жыл бұрын

@@joemama-js6hv he said 'people'

@rashidshaikh7364 3 жыл бұрын

Yes bro

@dkmodder4405 5 жыл бұрын

You honestly deserve an award or at least more recognition. There needs to be more people like you in the world, that don't charge for knowledge and are open about teaching what they know in a really good way.

@campingteddy9297 4 жыл бұрын

Nice video, def appreciate people like you who share their knowledge with others. Keep spreading the word, and wow, your channel has really taken off. Great job man, you deserve it!

@amber2005 5 жыл бұрын

Oh my gosh thank you for explaining this stuff so well! It's quite difficult to find good sources and understandable information! Again thanks!!

@anandkumar7174 6 жыл бұрын

Really very clear instruction. Thanks for explaining it👍

@smash2163 4 жыл бұрын

you're really doing a great job of inspiring students...and need more stuffs like this... Thank you

@omeraltundal7351 4 жыл бұрын

This is the only channel that I followed also this is the only comment (as far as I remember) so far under a video. Thanks for your clean explanation. Thanks man.

@PlazmadawgZA 6 жыл бұрын

I just subscribed, dude thank you so much for your videos!

@PTD2023 6 жыл бұрын

Makes a nice change to find one of the few youtube tutorials that is both informative and usefull when it comes to penetration testing

@HackerSploit 6 жыл бұрын

Thank you very much for the support, that is what I strive for.

@manojkumarpentela2069 6 жыл бұрын

Thanks dude for making pentesting series......and rock this series

@1a4s4l7 6 жыл бұрын

Hi Alexis, in your vids for future reference, is it possible to add diagrams & concepts and explain them as you go through this series. So we could learn in depth as to what the attack is how it works, see them from networking points of view or whatever. It would be really helpful! Thanks :) Keep up the good work

@shiyamjannan7830 4 жыл бұрын

Nice guide. Simple and easy to understand. Keep it up. Thanks for sharing.

@kushal9987 4 жыл бұрын

Nice video, but you missed the part about downloading and adding the Burp Certificate.

@goheat007 2 жыл бұрын

could you explain this step? I can't go on website because software is preventing it lol

@cybxtra Жыл бұрын

Thanks a lot man , wis you hit 1M soon

@RahulSharma-jv7rj 4 ай бұрын

you work very very hard man, its really appreciated. I am very sure your channel make my dream true to become web pentester....lots of love. thanks a lot

@backyardgardener7729 2 жыл бұрын

This is about 4yrs to late, Great video and well advised. Im just getting into the cyberworld...Thanks for the great video..

@arifbasri4950 6 жыл бұрын

Thanks for the intro video...Hope you all guys here used it for good intention

@spcfsi4143 6 жыл бұрын

Very thankful for this series. Helps me a lot professionally. Thanks and keep up the excellent work.

@alexalderson5767 2 жыл бұрын

To me personally you are the best and the videos very great thank you really much,Mr Ahmed🙏

@emmanuelsosareyes9607 6 жыл бұрын

Dude, i love your videos. Please make a Burp Suite complete series!

@cat_loaf943 6 жыл бұрын

Thanks for the video I'll try this pen test lab.

@aryanbhatt8069 6 жыл бұрын

Sir u are the best tutorial that I had ever seen

@babyaufshar17 Жыл бұрын

This is awesome.

@harrispinkham 6 жыл бұрын

Thanks for the great videos!

@piyushgarg1333 5 жыл бұрын

u r always like awsome with extra aaaaaaaaaaaaaawsome GG videos ..... U r my real life greatest teacher and person....U helped a lot ....Thanks for ur g8 work...

@Siik94Skillz 5 жыл бұрын

I recommend creating different firefox profiles when doing this so you can have a cleanstate firefox for burptesting and your other firefox with all extentions bookmarks and so on where you can also google stuff on the other profile.

@imran2you 5 жыл бұрын

Great Video, Thanks and keep it up

@djmostephens 5 жыл бұрын

I like you. your teaching is so easy to understand, well detailed Cool

@nghiaduy6044 2 жыл бұрын

Please do more of this !! Thank you

@muzec-sec 4 жыл бұрын

Thanks, nice video I really appreciate it

@karlagamero1639 Жыл бұрын

thank u for this video!

@pr3y5 6 жыл бұрын

Thankz bro I'm waiting for this😏

@Mode-Gaming 8 ай бұрын

Best on your field

@OthmanAlikhan 3 жыл бұрын

Thanks for the video =)

@novovires5625 6 жыл бұрын

Advice : Try to write a book, and your videos is going to give you a huge advantage of selling your book. Why? Because you will be the first to have this type of material, it's going to put you on the elite map. By the way, you should try to make a Playlist about botnet and Malware development.. Several testing suites are commonly used too like : 1) Burp Suite 2) WebScarab 3)Paros 4)Zed Attack Proxy 5) Andiparos 6)Fiddler 7)CAT 8) Charles Peace

@aryan4170 6 жыл бұрын

Novo Vires good idea! If hs made a book, I would buy it

@propkillerr 6 жыл бұрын

there are a lot of books regarding ethical hacking and stuff related. I PERSONALLY think he should stick with the videos.

@_productivity__nill_1131 6 жыл бұрын

Nice references

@joemama-js6hv 5 жыл бұрын

"first one to have this type of material" lmao good one m8

@joemama-js6hv 5 жыл бұрын

just because you suffer from a seviere mental disability of sorts and can only run scripts in a kali vm doesn't mean your hero, Hackersploit is the only one out there making hacking (pentesting) tutorials. there are plenty of information security savants publishing weekly/monthly on KZbin.

@Razorcr3st 5 жыл бұрын

Best security content creator I have found! Thanks dude? Thoughts in intro security courses? I'm thinking of taking CCSP

@HackerSploit 5 жыл бұрын

Thanks for the support, really appreciate it. It depends on the direction you want to take, CCSP is pretty good. Do you have any previous experience?

@akliluweldemariam1471 4 жыл бұрын

thank you for your videos. those are helpful..

@rimengineers 4 жыл бұрын

Great video. Thanks 👌

@Chris-ez1ly 2 жыл бұрын

Great video. Thank you.

@royalpatience6881 5 жыл бұрын

Good work . Kepp it up

@anoopmj6749 5 жыл бұрын

very nice. good job brother.

@mustafaaamir2625 4 жыл бұрын

Simple and very helpfu :)

@tyrewald9083 3 жыл бұрын

Thanx a lot!

@jrenzie 5 жыл бұрын

Thanks man!

@marco201ful 6 жыл бұрын

Hey Alexis, Great video man, always enjoy. Quick question, I just recently updated parrot os, and it won't let me boot up, it stays on "tomoyo:select a profile from the list" what do I do from there? Please I would really appreciate your advice :) ------- I do have another distro (Ubuntu 17) install on another partition. -Thank you

@termuxskylord2159 4 жыл бұрын

Should I get a newer labtop to be able to set up my bug hunter lab ????

@yigitaktas715 3 жыл бұрын

great video

@kalpesh.x9068 3 жыл бұрын

Your always legend sir ❤️

@asdfasddfs5484 2 жыл бұрын

thank you

@seanjansevanrensburg38 5 жыл бұрын

Where do i set the network proxy in the newer version of Firefox , in my VM

@MuhammadSheesAli 6 жыл бұрын

Thanks man

@kozukioden2167 2 ай бұрын

Thanks 👍

@kheshavlg 5 жыл бұрын

i love you channel it is awesome OMG !!!!!!!!!!!!!!!!!!!!!!

@jeffreydaniel8854 4 жыл бұрын

Bro you’re awesome 😎

@alchimie5701 5 жыл бұрын

شكراً

@kingisbackof8bp573 2 жыл бұрын

you are the best

@_zerosecurity_ Жыл бұрын

hackersploit love you

@sayanmallick2644 6 жыл бұрын

Thanks you so much.

@Anonymous-jv8nt 6 жыл бұрын

Thanks sir 👍 love you

@jonathanreading1051 4 жыл бұрын

Love your videos, you apply KISS (keep it simple *insert S word noun here*). One thing you might want to mention or redo this particular video setup or add another one covering the Burp CA being applied to your browser. This was a crucial step in getting Burp Suite to capture data I found. Took me a bit to find the solution to the problem, but eventually figured it out (which is half the experience sometimes). Anyways, keep it up, Ill be scouring your videos as I get more in-depth knowledge of some of these powerful tools you cover.

@mr.mysteriousyt6118 4 жыл бұрын

yes google burp ca

@bhavanishankarrao4028 3 жыл бұрын

Sir really you're great

@dhanashreedeshpande7100 5 жыл бұрын

Can you please tell us how to identify the attack is done by observing log values at the bottom ? I mean which are the features of CSRF attack collected in header section in the bottom of burp?

@artmasterpl 6 жыл бұрын

Good work

@BlokeBritish 3 жыл бұрын

Im new into this Ethical hack thing and confused about this Burp behaviour. wen i intercept a utube page load on burp, i forward the very 1st request that comes up, wich loads my utube video and gets it playing. but even if i 'drop' all subsequent requests, ( about 15 to 20 tat follow ) the video that loaded still keeps playing and the entire video can be played. the 'drops' seem to make no difference. whats happening here u think ?

@sandeepyadla7925 6 жыл бұрын

how can i install metasploitable-2 in y kali linux...?

@jamaluddin8546 2 жыл бұрын

exellent

@thenoblemute7669 6 жыл бұрын

Thanks man. I was wondering when you might upload a video like this

@akifanvar1902 3 жыл бұрын

I seeing this now i love it💘. I love you man 👞

@prnxid 6 жыл бұрын

Great!

@d3thdrive 6 жыл бұрын

Awesome.

@qasimsh3469 4 жыл бұрын

as i im following the video im new to this i wanna know what should i set in HTTP proxy ad i set the port to 8080 kindly help me out

@krebsandme 4 жыл бұрын

Hey Alexis really nice work...i m big fans of urs. Can you make video on digital forensic as well?? Thanks in advance

@gordonfreeman_wf 5 жыл бұрын

Thanks.

@Aman_Garcha 4 жыл бұрын

Hi, can you help me with How can I do REST API's testing with burp suite ?

@jeffstanley2972 4 жыл бұрын

Good video, thank you for uploading. Do you prefer Parrot OS to Kali?

@ImDataTheft 6 жыл бұрын

I need help please I downloaded kali linux persistence and everytime i do apt-upgrade my mouse freezes and i reinstalled it like 8 times and it doesn't work for me

@thomasseidel5109 3 жыл бұрын

For the Tabs Intruder and then Payloads, I enter values for Payload Options. Nevertheless, I get the error mewling "No Payloads positions defined." What am I doing wrong? Do I have to insert values into Payload Processing?

@asands123 Жыл бұрын

I cant access https sites like google wikipedia with those settings enabled. I know the reason (the security layer protocol) but is there any way to get around this or can i only accces non secure websites that dont use this security protocol?

@mybaestgameisnfsmw 5 жыл бұрын

If you're setting proxy to localhost then how is your Firefox accessing internet?

@anastasiashubert5378 4 жыл бұрын

Excuse me, where do I find the IP to set up a proxy on firefox?

@dipanshujha7293 6 жыл бұрын

Hey Alexis, i think you missed the burp certificate importing in browser for https requests and this thing might mess up the beginners

@goheat007 2 жыл бұрын

how do you do this

@panchcw 6 жыл бұрын

great work all the best

@HackerSploit 6 жыл бұрын

Thanks

@ann7587 5 жыл бұрын

It's unrelated but what do you use to pin Chromium, Firefox and others to the top bar? Great video as always.

@arhamfarman6364 6 жыл бұрын

im a beginner . do i have to buy burp suite to access its scanner tool. Is there a free alternative

@ko-vg8ud 5 жыл бұрын

Can you upload a video on bypassing admin rights when installing a software

@nehat786 6 жыл бұрын

Very well explained

@HackerSploit 6 жыл бұрын

Thank you!

@akhileshsourashtriya4130 4 жыл бұрын

Which book i have to prefer for sql injection

@daibinraju9830 5 жыл бұрын

Sir when i connect my proxy i am getting so much request to 127.0.0.1:9614 and when i open it in a browser it shows me a web page with an image of burp saying there is a connection error

@mrjohnmayer4091 5 жыл бұрын

Which tools you are using to pen-test web server as u said ? (can you tell more for a beginner ?)

@noorrehman6344 4 жыл бұрын

dear sir, your voice is very magical.i love your voice.

@pushkarsingh4077 3 жыл бұрын

I was not able to add proxy in my burp suite as am trying to run proxy it is showing failed to start proxy

@ao5468 6 жыл бұрын

Why was it that at times I keep forwarding it still stuck on the same page

@fishticon8587 6 жыл бұрын

Thanx for doing this video. I've been looking for a way into pen testing that isn't full of techno music and someone talking to me like I'm already an elite computer scientist despite apparently targeting their video to noobs. And I noob I am, because (like some other people on here) I can not get passed the Firefox proxy part. I have done exactly what you said, but then I am not able to access sites. It tells me that the "connection is not secure" and does not give me the option to add an exception. I've spent hours looking for a solution, so if you or anyone else would be able to tell me what I need to do; I would be very grateful. I would love to get started in pen testing. I can code in Python and I understand many of the concepts, but I keep getting stuck at these walls that prevent me from getting started.

@fishticon8587 6 жыл бұрын

So not surprisingly, after looking everywhere online and wasting a lot of time. I found the trick to figure this out is to RTFM :P See Burp Suite documentation sections "Getting Started > Configuring Your Browser" and "Proxy > Options > Proxy Listeners > Certificate > Install CA Certificate" 1. Set up the proxy in FF like it says in the video. 2. Run Intercept in Burp Suite. 3. Go to support.portswigger.net/customer/portal/articles/1783087-Installing_Installing%20CA%20Certificate%20-%20FF.html (I know, you think you cant load sites, but it's just that you cant load secure sites "HTTPS". Reading the manual parts that I listed will explain this to you in detail). 4. Click in the link it tells you to click on to get the cert, and then follow the instructions on that page.