I've finished a couple more rooms (and started another) in my trek for 100 days of TryHackMe. With that, I've finished a couple more writeups:

Web Fundamentals: https://coderon.in/Web-Fundamentals-e61c9b6f24d244c6824d831fe8acebdd

Burp Suite: https://coderon.in/Burp-Suite-edc09d5421f7477589cdd6352d3f028b

___________

In Web Fundamentals, you go over, well, the very fundamental building blocks of the internet. Simple objectives teaching you about request formats and cookies. It's a quick room.

In Burp Suite (BS), I had a little more trouble, primarily due to connection issues. Whose fault that is, I have no idea. But, once I reset I was able to get the room done with no issue. It was a room that was definitely more involved than Web Fundamentals.

BS taught me how to use a certificate to enable a proxy on firefox to work with Burp, then use that proxy to intercept web browser data, build a target map, actually initiate an injection attack, capture and analyze requests based off of a captured session cookie, encode/decode, and more. It was a lot of fun, but definitely a piece of software I want to learn more about. I'm going to start taking the Port Swigger free classes on BS soon as it's a vital tool in my future goals of becoming a bug bounty hunter. Those can be found at the link below.

https://portswigger.net/web-security

___________

I'm having a lot of fun with TryHackMe. If you're not already on the platform, I highly recommend it. It's made a huge difference in my own knowledge and has been more valuable to me than most other training platforms I've been a part of.

Until next time,

James