November 12

Webinar takeaway: Getting Started with Burp Suite & Webapp Pentesting

My key takeaways

  • Burp over ZAP? It’s the pro features that make Burp so common
  • Enable Jython to make Python available for extensions
  • You have to install the Burp certs in each browser to make it work. Just type burp in the address bar
  • Firefox has a built-in ability to have different browser profiles. Handy for testing e.g. admin users and normal users in parallel
  • Everybody sometimes forgets to shut off Intruder :sweat_smile:
  • Use a SOCKS proxy if testing from home: this enables IP whitelisting and avoids getting your home network blocked, e.g. by Google, for suspicious activities

Env

additional links


Tags

pentest, webapp, webinar takeaway

