One of the most common problems with modern tutorials for tools is that they tend to sound a lot like man-pages or documentation. For instance, they'll tell you all about the little command flags, all the little buttons you can click on; but something that they seem to miss out on is "WHY you would use each of these options?" So, for this video, we're going to do things a little different. Instead, I'm going to walk you through a typical pentest, and we're going to see where you should use each tool within Burp Suite along the way. * How to spin up Juice Shop on Docker - https://www.youtube.com/watch?v=xwcPgeEFnuM * Juice Shop Heroku - https://juice-shop.herokuapp.com/ 0:00 Intro 0:57 Setup 1:57 Reconnaissance Steps 2:16 Application Mapping 5:42 Parameter Tampering 9:44 Finding Secrets 14:01 Registration/Login Flow 20:03 Analyzing JWT Tokens 23:16 Special Message 25:25 Exploiting IDOR 26:21 Burp Intruder Workflow 28:06 Advanced Intruder Settings 33:03 Finding Logic Flaws 37:30 Exploiting Logic Flaws 39:31 Success & Homework for you 40:23 Putting it all together (Another logic flaw) 49:26 Stealing Christmas 49:52 How you know you're done 50:50 Wrap up #infosec #bugbounty #pentesting #hacking #cybersecurity #burpsuite