Time: 50 minutes
Difficulty: Beginner
CEU/CPE: 2

Video Transcription

00:00
All right. Welcome to our second module: the configuration and functionality of the Burp Suite tool.
00:06
Currently, Burp Suite has three editions: the Community Edition, the Professional Edition and the Enterprise Edition. The Professional Edition today that we're gonna be using, um, used to pretty much be the Community Edition. But you know, as companies grow,
00:21
revenue is an issue, and I'm sure that is, ah, a reason why they decided to just make the Community Edition pretty much bare bones,
00:29
that, you see, there's not a lot there that you can actually use. The Enterprise Edition, um, was launched pretty much earlier this year. Haven't had a chance to install it and do any testing with it yet. But I did just recently get an Enterprise key. It's actually 60 days. So hopefully I get a chance to, ah,
00:48
to allow you guys to see how it actually works and give you maybe a quick overview of the actual Enterprise Edition.
00:57
Again, at 399 for Burp Suite, for the Pro edition, you pretty much can't beat that. The configuration: hopefully you have already downloaded
01:03
Burp Suite,
01:06
and you've gotten your key, your 30-day key, and configured your browser. Um,
01:11
Currently, I use FoxyProxy to manage my settings,
01:14
but the IP address that you're gonna use is
01:15
127.0.0.1, your loopback address, and it's port 8080 for all the protocols. Let me see if I can pull up my browser and show you pretty much what you're gonna actually see.
01:30
You see,
01:32
Bar five is not
01:34
all right. There we go.
01:34
All right.
01:37
As I said, I use FoxyProxy. Currently, I have not even... it is currently disabled. But what if I go to options?
01:45
You'll see what I have for Burp Suite:
01:48
127.0.0.1 over port 8080.
01:52
So, but if you're not using something like FoxyProxy,
01:56
you can go into the actual browser preferences.
01:59
But again, this is for Firefox.
02:00
So we'll go to the bottom settings you used,
02:05
You see, ah, manual configuration; enter 127.0.0.1
02:10
over port 8080.
02:13
And make sure there's nothing else in here. And then you click OK to save.
02:17
Okay. Come all the way to the bottom: no proxy. You want everything else to be bare bones. But I'm not gonna save this, 'cause again, I do use, um, FoxyProxy.
02:27
Okay, let's get back to the presentation.
02:30
All right?
02:30
And after you have done that, you want to start Burp Suite. You have to start Burp Suite next, but you need to download the actual CA certificate. Okay?
02:39
And that certificate is very, very important. Because if you don't have that certificate imported in,
02:46
you will start to get a lot of SSL errors during your scanning. You won't know why.
02:51
If you need instructions, I left a link for you. But that's something that, pretty much, you have to do. So if you need to take a few minutes to actually do that, um, go ahead and do that.
03:02
Okay?
03:04
So a quick, quick overview of how Burp Suite actually looks once you log in. Okay, we'll actually go through this in an actual scan also. You see your Dashboard here. You have your Target, your Proxy; pretty much tells you if your proxy is actually communicating properly.
03:22
The tools that you see here: Intruder, Repeater, Sequencer, Decoder.
03:25
Those are tools we may cover later in a more advanced class. I use these tools a lot, doing pen testing and doing some other type of troubleshooting on an actual website.
03:36
Okay, Project options. Ah, the User options.
03:39
And in general, if you want to restrict your scope to just the scope that you're defining, you don't want to go outside of there; if you're using, ah, you know, user IDs and passwords to authenticate to the various platforms, those options are there too. We will see some of these once I start the tool up. You have the User options also.
03:58
But here, Reese is live body Fall Live audit for all proxy. On the actual dashboard, you'll be able to actually monitor a scan from here.
04:06
You also see the issue activity; as it finds issues, it'd be here. Okay. You see high, medium, low, info. You'll see all those types of things as you run your actual scan.
04:19
Okay. Ah, see you next module. Thank you.

Up Next

Intro to Burp Suite Pro

This short, online training course provides students with an introduction to scanning web applications using the Burp Suite Web Scanner Professional Edition. Upon completion, students will have a basic understanding of how this solution works.

Instructed By

Darian Gary
Senior Cyber Consultant at USDA ARS
Instructor