Burp Suite is the industry standard tool for web application hacking, and is essential in any web penetration test.

This module will cover the basic functionality of the core tools in the Burp Suite framework: Proxy, Target, Repeater, Intruder, Sequencer, Decoder, Comparer, and Extender. You will learn how to apply Burp Suite when enumerating and attacking realistic web applications, as well as how to approach some of the common scenarios you may encounter when attacking a web app.

Burp Suite: The Basics

An introduction to using Burp Suite for web application pentesting.

Burp Suite: Repeater

Learn how to use Repeater to duplicate requests in Burp Suite.

Burp Suite: Intruder

Learn how to use Intruder to automate requests in Burp Suite.

Burp Suite: Other Modules

Take a dive into some of Burp Suite's lesser-known modules.

Burp Suite: Extensions

Learn how to use Extensions to broaden the functionality of Burp Suite.

Topic Rewind Recap

Lock in what you learned with a recap. Earn points and keep your streak.

Need to know

Web Hacking

Learn about web applications, JavaScript, SQL and explore BurpSuite, a web application security testing platform.

Web Application Security Fundamentals

Map how modern web applications are built, uncover their hidden endpoints, and exploit the most common web server weaknesses.

Next steps

Web Application Vulnerabilities I

Exploit five of the most impactful web vulnerabilities, from SQL injection to IDOR, and prove your skills in a hands-on challenge.

Web Application Vulnerabilities II

Tackle deeper web vulnerabilities like broken authentication, command injection, and API flaws, then prove yourself in a live challenge.

What are modules?

A learning pathway is made up of modules, and a module is made of bite-sized rooms (think of a room like a mini security lab).

Hierarchical diagram showing how learning pathways contain modules, which contain individual rooms.