I am new to web pentesting and I want to know what web applications can I use burp suite on. As far as I know, A damn vulnerable web application is one of them. I don't want to get in any trouble by doing random tests.
Asked
Active
Viewed 193 times
1
-
prbly the best way is to run your own services locally in a vm or on a server you own – mad.meesh Aug 15 '18 at 16:55
2 Answers
0
In a lot of our testing and tutorials we use OWASP Broken Web Apps. This will give you a range of targets to get started on.
PortSwigger
- 277
- 1
- 8
0
To learn web penetration testing, there are a lot of ressources out there.
To make sure you don't intrude anywhere that you are not allowed to, stick to CTF platforms/sites.
Some examples are:
There are many more like this out there!
In addition to that, you could also take a look at Vulnhub where people upload VMs as challenges for penetration testers. If you are downloading and starting VMs from strangers, make sure to take some precautions (isolate them in a lab-network without access to your normal lan etc) to stay safe.
Not every CTF challenge will need BurpSuite though, but you'll quickly find out - if a scan for TCP/80 and TCP/443 turns up nothing, move on to the next. (Or dive in deeper, if you like)
mhr
- 135
- 1
- 10