Starting with the basics, let’s learn about Burp Suite Community (i.e., FREE!) Edition. If you’ve never used Burp Suite or done any web site testing, we will be starting from the beginning. We will talk about what an intercepting proxy is and how to configure it with your browser, look at all the (free!) tools included with Burp Suite, and then start using them. We will look at all the HTTP requests that a web site makes and see everything else it is connecting to. We’ll learn how to replay these requests and edit them for testing and finding web application vulnerabilities in the sites that we own and develop.
You can download the Community Edition before the meeting here: https://portswigger.net/burp so you can follow along! Burp Suite’s only requirement is that the laptop has Java installed.
Presented by: Patrick Laverty from DefCon401