You need just two qualities for bug hunting (or pentesting, as it is also called):
First, a creative and inquisitive mind. Second, the perfect tools for the job.
Burp Suite is a multipurpose tool for bug hunting that has a lot of useful features, for example, the repeater, the intruder and the sequencer. You can use these features when pentesting, and you will learn how to use them to their full advantage in this Burp Suite tutorial.
The Many Uses of Burp Suite
In this tutorial, you will explore the different features and modules of Burp Suite and its abilities in pentesting. Burp Suite is a vulnerability scanner with penetration testing tools. With it, you can scan the target, send a request to Intruder, and repeat that request with a modified parameter value.
Burp Suite also works as a proxy tool between the server and your browser. Users who have used Burp Suite have nothing but good words for it: "Burp Suite is indispensable when you need to perform web application assessments. You can read web traffic and manipulate it as much as you might desire."
Another user wrote: "Burp Suite is a must-have. It's a tool for web application penetration testing. It sets a great baseline from which you can do most of the manual testing. Moreover, the commercial version of the product offers a lot of features and enhancements which will make your life as a bug hunter much easier."
In this Burp Suite tutorial, you will learn about all the modules in Burp Suite, and how and when to use them effectively. Learn the hacking tools of white hat hackers!
What Will You Learn
Here are all the features you will learn in this Burp Suite tutorial:
HTTP Proxy, which operates as a web proxy server sitting between the browser and the destination web servers, allowing the inspection, interception and modification of passing traffic.
Scanner, a web application security scanner that you use to perform automated vulnerability scans of web apps.
Intruder, a tool that performs automated attacks on web apps. It can test for and detect SQL injection, cross-site scripting, parameter manipulation and weaknesses susceptible to brute-force attacks.
Spider, which automatically crawls web apps. It is also used in conjunction with manual mapping techniques that help speed up the process of mapping an app's functionality and content.
Repeater, a tool used to manually test an app: modify requests to the server, resend them and observe the results.
Decoder - a tool that transforms encoded data into canonical form or raw data into hashed and encrypted forms.
Comparer, which performs a comparison (a visual "diff") between any two items of data.
Extender, which allows you to load Burp extensions and extend Burp's functionality by using your own or third-party code.
Sequencer, a tool that analyzes the quality of randomness in a sample of data items. Use it to test an app's session tokens or other data items that are intended to be unpredictable, for example, password reset tokens, anti-CSRF tokens, etc.
So if you want to learn all that and more - enroll!
I am a full-time bug bounty hunter in virtual life and quite a shy person in personal life. I am a security Ninja with about 5 years of experience in testing and security auditing of websites and Android applications.
I reported about 150+ bugs to different companies like Google, Facebook, Medium, etc.
I love coding in PHP and I have created some cool projects which ease my day to day work.
And when I am not doing these things I love to travel the world.