Burp Suite is the web security practitioner’s daily driver. If you test web applications, you use Burp. This module gets you from install → first intercepted request → basic testing flow, without the 300-page manual.

What Burp Suite is

A web application security testing platform. At its core: an intercepting proxy that sits between your browser and the target web app. You see every request and response; you can modify them before they’re sent.

Editions:

Community — free, slower scanner, no automated active scanning. Fine for learning + manual testing.
Professional — $475/year, adds vulnerability scanner, intruder acceleration, collaborator, DOM analysis.
Enterprise — CI/CD integration, team features, dashboards.

For hands-on learning and most pentests, Community + your skill is enough.

The three tabs you’ll live in

Proxy — intercept requests/responses in real-time. Modify before forwarding. The core feature.
Repeater — send a request repeatedly with tweaks. Test one endpoint’s behaviour across payloads.
Intruder — automate request iteration. Brute-forcing, fuzzing, enumeration.

Plus: Target (sitemap), Decoder (URL/Base64/HTML encoding), Comparer (diff two responses), Extender (plugins).

First setup — browser proxy + CA cert

Burp’s proxy listens on 127.0.0.1:8080 by default. Configure your browser (or use Burp’s built-in browser):

🔐 Intermediate Module · Basic Tier

Continue reading with Basic tier (₹499/month)

You've read 27% of this module. Unlock the remaining deep-dive, quiz, and every other Intermediate module.

99+ modulesAll levels up to this tier

20-question quizzesUnlimited retries with explanations

Completion certificatesShareable on LinkedIn

See pricing → Sign in

5 more sections locked below

Module 2 · Burp Suite — Web Application Testing 🔒

What Burp Suite is

The three tabs you’ll live in

First setup — browser proxy + CA cert

Continue reading with Basic tier (₹499/month)

Other modules in this track

Module 5 · Mimikatz — Credential Extraction <span style="color:#6EC1E4;font-size:0.7em;vertical-align:middle;" title="Academy lesson — sign in for full access">🔒</span>

Module 1 · Nmap — Network Discovery and Port Scanning <span style="color:#6EC1E4;font-size:0.7em;vertical-align:middle;" title="Academy lesson — sign in for full access">🔒</span>

Module 4 · Hashcat — Password Cracking <span style="color:#6EC1E4;font-size:0.7em;vertical-align:middle;" title="Academy lesson — sign in for full access">🔒</span>