One of the most common problems with modern tutorials for tools is that they often sound like man pages or documentation. For example, they tell you all about the little command flags and all the little buttons you can click, but what they seem to forget is /"WHY you should use each of these options?"

So in this video we're going to do something a little different. Instead, I'm going to walk you through a typical pentest and we're going to see where you should use each tool in the Burp Suite.

* How to run Juice Shop on Docker – https://www.youtube.com/watch?vxwcPgeEFnuM
* Juice Shop Heroku – https://juice-shop.herokuapp.com/

0:00 Introduction
0:57 Setup
1:57 Reconnaissance steps
2:16 Application mapping
5:42 Parameter manipulation
9:44 Finding secrets
14:01 Registration/Login process
20:03 Analyzing JWT tokens
23:16 Special message
25:25 Exploiting IDOR
26:21 Burp Intruder workflow
28:06 Advanced intruder settings
33:03 Finding logical errors
37:30 Exploiting logical errors
39:31 Success & homework for you
40:23 Putting it all together (another logical error)
49:26 Stealing Christmas
49:52 How to know you're done
50:50 Conclusion

#infosec #bugbounty #pentesting #hacking #cybersecurity #burpsuite

Please take the opportunity to connect with your friends and family and share this video with them if you find it useful.