W 600: Web Security Academy & Burp (20 pts)

What You Need

Purpose

To sign up on the free Web Security Academy from Portswigger, which we'll use for projects.

Joining the Academy

Go to https://portswigger.net/web-security

Click the orange "Sign up" button.

Enter your email account and click the green Register button.

Check your email. Follow the instructions there to complete your registration.

When you first log in on the Portswigger page, you end at the "My account" page.

At the top right, click Academy.

Flag W 600.1: Word (10 pts)

You see a page showing your accomplishment on the PortSwigger Web Security Academy.

The flag is the word covered by a green rectangle in the image below.

Installing Burp

Go to https://portswigger.net/burp/communitydownload

Download Burp Suite Community Edition. Install it.

If you have problems, consult this page for more tips:

https://portswigger.net/burp/documentation/desktop/getting-started/installing-burp

Running Burp's Browser

Launch Burp.

At the Welcome page, accept the default selection of "Temporary project" and click Next.

On the next page, accept the default selection of "Use Burp defaults" and click "Start Burp".

Burp opens on the Dashboard tab. Click the Proxy tab.

Click the "Intercept is on" button, so it changes to "Intercept is off", as shown below.

Click the "Open Browser" button.

In the Browser, go to:

https://samlols.samsclass.info/129S/flag.php

as shown below.

Flag W 600.2: HTTP history (10 pts)

In Burp, on the Proxy tab, click the "HTTP history" sub-tab.

Click the GET request that loaded the flag.php page. The Response contains the flag, covered by a green rectangle in the image below.

Viewing the Labs

In the PortSwigger Web Security Academy page, in the "Learning materials" section click the "VIEW ALL" button.

You see a list of topics, as shown below.

You can do these in any order, but I recommend starting with these ones because they are easier:

The PortSwigger system will track your progress. Each completed lab is worth 10 points. For example, when I took the image below, I had completed 67 labs for a total of 670 points.

Submitting Projects in Canvas

Take a full-desktop image of the "Track your progress" box each week and submit it in Canvas in the W600 project so we can track your progress.


Posted 12-31-2020