
Buy Burp Suite Certified Exam $9 only!

r1z

Still(In)Secure
Scammer
Registered: 19.07.2019
Posts: 938
Reactions: 822
Deal guarantor: 30
Please note that this user is banned.
Hi guys,

Want to share this exam offer, since it's Black Friday and many of the white, black, gray, blue, red teams must have this certificate for their careers.

The certificate was $399 and is now only $9 for a limited time!

Once you buy the certificate you will have 12 months to complete the exam... any time! So don't miss this chance.


Good Luck!
Enjoy.
 
Where's the problem in buying it, taking the test, and making a refund on the second day? )

This is only for those looking to develop their careers, so for those looking for cracks... keep watching.
 
If we learn Burp Suite and become professional in using it, what ways in blackhat can we make money with that knowledge? What is the most common technique here for most users in the forum? To hack e-commerce websites and install a sniffer? Thanks
 
BurpSuite is only a testing tool. You can't "make money" with Burp... Also, you need to know what you're doing to make Burp work. If you want suggestions on which hacking technique to use, I suggest you open a separate thread.
 
Yes I'm aware thanks. Well, you can't make money with anything in reality. I think what I meant to ask is what type of attacks are used around here to make money? Hacking e-commerce websites or what exactly? For example in fraud, most people card products online to drops, therefore I was asking around the same pattern of thought
 
Not sure this has anything to do with this thread. Sorry for being picky but if I put myself in OP's shoes, maybe he doesn't want his thread hijacked. Anyway, open a thread and I'll gladly share what I know :)
 

I used Burp for this exploit I wrote about: /threads/54108/. Burp is one of my favorite tools/frameworks and has an unlimited number of possible uses.

At its most basic, even the Community Edition with no add-ons is useful to test with as a browser proxy, which allows you to intercept and modify browser traffic. Even today you would be surprised at the number of big companies which trust traffic modifications without verification. Not to mention the amount of sensitive information that is disclosed through legitimate requests, freely viewable many times.

And don't forget the endless extensions available both inside and outside the BApp Store.

github.com/topics/burp-extensions

Anyone who makes their living full-time from this work, whether white/black, should be familiar with Burp if they are professional. Business logic, authorization, disclosure, bypass errors and many more all start with this tool for me personally. This is a tool that is worth everyone's time learning and will never be time wasted and always useful.
 
As always, great content from you. Thanks for your reply.
 
Burp comes with a lot of great tools with just the free license. Most of what you need is free, and many of the paid features are just extensions of those tools, such as some of the Intruder modules or the ability to save your work to a file. But it's really expensive.
 

100% agree, had many profitable projects with Burp's core functions for years before ever trying Pro. The MITM proxy, Repeater, and Intruder are the bulk of my testing initially still.
 
Am I the only one who doesn't trust cracked software? Better to use the free version instead of getting malware 😅

https://www.bleepingcomputer[.]com/...s-target-researchers-with-trojanized-ida-pro/
 
Use it inside a VM. Obviously only if you need the Pro features, otherwise you've got a point.
 

Are you blindly deciding what to trust and not trust without actual verification? If this is the case then where does trust start and end with you?

If you lack the knowledge / ability / or patience to properly test any application/script you're using then nothing will ever matter for you in this world anyway. For these people, they are blissfully unaware and will likely remain that way. It is not only "cracked" programs that run risks, my friend. I would always at a minimum monitor your network traffic for anything local, keep and check logs, and that's the absolute minimum. Keeping throwaway VPSes of many flavors these days is very common and cheap as well.
 
Your point of view is right, but I think from the perspective of "time is money".
Why would I waste hours of my life checking for cracked software when I can put money aside and buy a license and avoid all the headaches?
Who assures you that the execution of the payload with subsequent malicious requests is carried out in the first execution and that then you can easily detect it by a network traffic analysis?

However I appreciate your advice, although quite obvious; it is normal to use all this kind of tools on working servers and not on the main workstation or at least this is what should be done regularly.

The fact is that if APT groups, not born yesterday, decide to use this kind of infection chain, this does mean that their campaigns have already been successful on real victims (in this case we are talking about sec researchers and not random users).

In any case, the world is beautiful because it is diverse.
Everyone establishes his risk, and the compromises he wants to comply with.
 

I agree with all of this and was not debating any of those points. I responded directly to your first quote which painted a different picture entirely.



A change of heart I guess between your first and second post.
 

