Name: Burp Pro - Real-life tips and tricks
Start: 2013-08-22T13:50:00+0200
End: 2013-08-22T14:35:00+0200

Welcome to the full schedule of the OWASP AppSec Research EU 2013 conference days. You’ll find the schedule for the training days at http://trainings2013.appsec.eu

Back To Schedule

Burp Pro - Real-life tips and tricks

A lot of services are provided through the Web. Pentesters are spending a lot of time testing Web applications, Web Services, REST and JSON interfaces, mobile applications and thick clients. For all these assessments, an interactive HTTP proxy is mandatory to intercept, analyze, modify and replay the traffic. Burp Pro is the "de facto" tool for this kind of job. This presentation conveys many years of experience in using this tool and will try to address real-life situations. Topics covered: recent features like Burp Extender, testing of mobile applications, automatic scanning despite CSRF tokens (using "Recursive Grep" or Macros) and session logout, interactive parsing and manipulation of items, useful tricks like shortcuts and backups, efficient brute-forcing of BasicAuth forms, ...

Speakers

Nicolas Grégoire

Nicolas Grégoire (@agarri_fr), electronic-sheep-herder from the beautiful South of France will show how to get the most out of Burp Pro during pen-tests. A must see for serious offensive security folks who like to do more than just clicking buttons.

Thursday August 22, 2013 1:50pm - 2:35pm CEST
Aussichtsreich Emporio

Hackpra Talk

OWASP AppSec Research 2013

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Nicolas Grégoire