Burp Suite Pro คืออะไร
Burp Suite เป็น web application security testing platform ที่ใช้มากที่สุดในวงการ penetration testing พัฒนาโดย PortSwigger มี 3 versions Community Edition (ฟรี), Professional ($449/year) และ Enterprise Edition สำหรับองค์กร
Burp Suite Pro มีเครื่องมือหลักได้แก่ Proxy ดัก traffic ระหว่าง browser กับ server, Scanner ตรวจหา vulnerabilities อัตโนมัติ, Intruder ทำ automated attacks เช่น brute force, fuzzing, Repeater ส่ง requests ซ้ำและแก้ไขได้, Sequencer วิเคราะห์ randomness ของ tokens, Decoder encode/decode data formats, Comparer เปรียบเทียบ responses, Extensions เพิ่ม functionality ด้วย BApp Store
สำหรับ Freelance IT Career ทักษะ web security testing เป็นที่ต้องการสูง ทั้ง penetration testing services, security consulting, bug bounty hunting รายได้ freelance pentester ในไทยเริ่มต้น 30,000-80,000 บาท/project ต่างประเทศ $2,000-10,000/project
ติดตั้งและเริ่มใช้งาน Burp Suite
Setup Burp Suite Pro
# === Burp Suite Installation ===
# 1. Download and Install
# ===================================
# Download from: https://portswigger.net/burp/releases
# Requires: Java 17+ (bundled with installer)
#
# Linux:
chmod +x burpsuite_pro_linux_v2024.sh
./burpsuite_pro_linux_v2024.sh
#
# macOS: Open .dmg and drag to Applications
# Windows: Run .exe installer
# 2. Configure Browser Proxy
# ===================================
# Burp listens on 127.0.0.1:8080 by default
#
# Firefox (recommended):
# Settings > Network Settings > Manual proxy configuration
# HTTP Proxy: 127.0.0.1 Port: 8080
# Check: Also use this proxy for HTTPS
#
# Or use FoxyProxy extension:
# Title: Burp Suite
# Proxy Type: HTTP
# Proxy IP: 127.0.0.1
# Port: 8080
# 3. Install Burp CA Certificate
# ===================================
# Required for intercepting HTTPS traffic
# 1. With proxy enabled, go to http://burp
# 2. Click "CA Certificate" to download
# 3. Import to browser:
# Firefox: Settings > Privacy > Certificates > Import
# Chrome: Settings > Security > Manage Certificates > Import
# 4. Trust for identifying websites
# 4. Project Configuration
# ===================================
# New Project > Save to disk (for persistence)
# Project options:
# - HTTP > Request handling > Follow redirections: Always
# - HTTP > Streaming responses: Enable
# - Sessions > Cookie jar: Enable
# - Target > Scope: Define target URLs
# 5. Scope Configuration
# ===================================
# Target > Scope > Add
# Protocol: Any
# Host: ^example\.com$
# Port: ^443$
# File: ^/.*
#
# Options:
# - Include subdomains: *.example.com
# - Out-of-scope: exclude third-party domains
# 6. Verify Setup
# ===================================
# 1. Enable proxy in browser
# 2. Visit target website
# 3. Check Proxy > HTTP History for captured traffic
# 4. Verify HTTPS interception works (no cert errors)
echo "Burp Suite configured"เทคนิค Penetration Testing
Pentest techniques ด้วย Burp Suite
# === Penetration Testing Techniques ===
# 1. Reconnaissance (Information Gathering)
# ===================================
# Spider/Crawler:
# Target > Site map > Right-click > Spider this host
# Discovers: URLs, forms, parameters, technologies
#
# Content Discovery:
# Engagement tools > Discover content
# Uses wordlists to find hidden files/directories
#
# Manual recon:
# - robots.txt, sitemap.xml
# - .git, .env, .htaccess exposure
# - JavaScript files for API endpoints
# - Error pages for technology fingerprinting
# 2. SQL Injection Testing
# ===================================
# Intercept login request in Proxy
# Send to Intruder (Ctrl+I)
# Payload positions: username and password fields
#
# Payloads:
# ' OR '1'='1
# ' OR '1'='1'--
# ' UNION SELECT null, null--
# ' AND 1=CONVERT(int,@@version)--
# '; WAITFOR DELAY '0:0:5'--
#
# Scanner: Burp Scanner automatically tests for SQLi
# Look for: Error messages, time delays, different responses
# 3. XSS (Cross-Site Scripting)
# ===================================
# Reflected XSS:
# Find input reflected in response
# Test payloads:
#
# 
# ">Freelance IT Security Career
สร้างอาชีพ Freelance IT Security
#!/usr/bin/env python3
# security_career.py — IT Security Career Planning
import json
import logging
logging.basicConfig(level=logging.INFO)
logger = logging.getLogger("career")
class SecurityCareerPlanner:
def __init__(self):
self.skills = {}
def career_roadmap(self):
return {
"phase_1_foundation": {
"duration": "3-6 months",
"skills": [
"Networking fundamentals (TCP/IP, HTTP, DNS)",
"Linux administration basics",
"Web technologies (HTML, JavaScript, SQL)",
"OWASP Top 10 understanding",
"Burp Suite Community Edition",
],
"resources": [
"PortSwigger Web Security Academy (free)",
"TryHackMe (beginner rooms)",
"HackTheBox Starting Point",
],
"cost": "Free - $15/month",
},
"phase_2_intermediate": {
"duration": "6-12 months",
"skills": [
"Burp Suite Pro proficiency",
"Manual pentesting methodology",
"Scripting (Python, Bash)",
"Common vulnerability exploitation",
"Report writing",
],
"certifications": [
"eJPT (eLearnSecurity Junior Penetration Tester) - $249",
"CompTIA Security+ - $404",
],
"practice": [
"HackTheBox (medium machines)",
"Bug bounty on HackerOne/Bugcrowd",
"CTF competitions",
],
},
"phase_3_professional": {
"duration": "12-24 months",
"skills": [
"Advanced web application testing",
"API security testing",
"Mobile app testing",
"Cloud security (AWS/GCP)",
"Compliance frameworks (PCI DSS, ISO 27001)",
],
"certifications": [
"OSCP (Offensive Security Certified Professional) - $1,599",
"BSCP (Burp Suite Certified Practitioner) - $99",
"CREST CRT/CCT",
],
},
}
def freelance_income(self):
return {
"thailand_market": {
"web_pentest": {"range": "30,000-80,000 THB/project", "duration": "1-2 weeks"},
"mobile_pentest": {"range": "50,000-120,000 THB/project", "duration": "2-3 weeks"},
"infrastructure_pentest": {"range": "80,000-200,000 THB/project", "duration": "2-4 weeks"},
"security_consulting": {"range": "2,000-5,000 THB/hour"},
"monthly_retainer": {"range": "50,000-150,000 THB/month"},
},
"international_market": {
"web_pentest": {"range": "$2,000-10,000/project"},
"bug_bounty": {"range": "$500-50,000/bug (critical)"},
"consulting": {"range": "$100-300/hour"},
},
}
def service_offerings(self):
return {
"web_application_pentest": {
"description": "ทดสอบเจาะระบบเว็บแอปพลิเคชัน",
"scope": "OWASP Top 10, business logic, authentication, authorization",
"deliverables": ["Executive summary", "Technical report", "Remediation guide", "Retest"],
"tools": ["Burp Suite Pro", "Nuclei", "SQLMap", "Custom scripts"],
},
"api_security_assessment": {
"description": "ทดสอบความปลอดภัย REST/GraphQL APIs",
"scope": "Authentication, IDOR, injection, rate limiting, data exposure",
"deliverables": ["API security report", "OWASP API Top 10 assessment"],
},
"vulnerability_assessment": {
"description": "สแกนหาช่องโหว่ในระบบ",
"scope": "External/internal scanning, configuration review",
"deliverables": ["Vulnerability report", "Risk ratings", "Remediation priorities"],
},
}
planner = SecurityCareerPlanner()
roadmap = planner.career_roadmap()
print("Phase 1:", json.dumps(roadmap["phase_1_foundation"]["skills"], indent=2))
income = planner.freelance_income()
print("\nIncome TH:", json.dumps(income["thailand_market"], indent=2))
services = planner.service_offerings()
print("\nServices:", json.dumps(list(services.keys()), indent=2))Bug Bounty Programs
หารายได้จาก Bug Bounty
# === Bug Bounty Guide ===
# 1. Platforms
# ===================================
# HackerOne: https://hackerone.com
# - Largest platform
# - Companies: Google, Facebook, Uber, Shopify
# - Bounties: $50 - $100,000+
#
# Bugcrowd: https://bugcrowd.com
# - Second largest
# - Companies: Tesla, Mastercard, Twitch
# - Bounties: $50 - $50,000+
#
# Intigriti: https://intigriti.com
# - European focus
# - Growing platform
#
# Open Bug Bounty: https://openbugbounty.org
# - Free, no registration needed
# - XSS and security misconfiguration only
# 2. Getting Started Strategy
# ===================================
# Week 1-4: Learn basics
# - Complete PortSwigger Academy labs
# - Practice on intentionally vulnerable apps (DVWA, WebGoat)
# - Read disclosed bug reports on HackerOne
#
# Month 2-3: Start hunting
# - Pick 1-2 programs with wide scope
# - Focus on less popular targets (less competition)
# - Start with recon: subdomain enumeration, content discovery
# - Look for low-hanging fruit: XSS, open redirects, info disclosure
#
# Month 4-6: Level up
# - Target specific vulnerability classes
# - Develop custom tools/scripts
# - Chain vulnerabilities for higher impact
# - Write clear, detailed reports
# 3. Recon Workflow
# ===================================
# Subdomain enumeration:
# subfinder -d target.com -o subs.txt
# httpx -l subs.txt -o alive.txt
#
# Content discovery:
# ffuf -w wordlist.txt -u https://target.com/FUZZ
#
# Technology fingerprinting:
# whatweb https://target.com
# wappalyzer (browser extension)
#
# JavaScript analysis:
# Find API endpoints, secrets, hidden functionality
# Use: LinkFinder, SecretFinder
# 4. Report Writing Template
# ===================================
# Title: [Severity] Vulnerability Type on endpoint
# Summary: Brief description of the issue
# Severity: Critical/High/Medium/Low
# Steps to Reproduce:
# 1. Go to https://target.com/vulnerable-endpoint
# 2. Intercept request with Burp Suite
# 3. Modify parameter X to payload Y
# 4. Observe the result
# Impact: What an attacker can do
# Proof of Concept: Screenshots, video, code
# Remediation: How to fix the issue
# References: CWE, OWASP links
# 5. Common Mistakes to Avoid
# ===================================
# - Testing out of scope
# - Not reading program policy
# - Submitting duplicates (search first)
# - Poor report quality
# - Being aggressive/disrespectful
# - Automated scanning without manual verification
# - Not following responsible disclosure
echo "Bug bounty guide complete"สร้าง Portfolio และหาลูกค้า
สร้าง portfolio สำหรับ freelance security
#!/usr/bin/env python3
# portfolio_builder.py — Security Portfolio Builder
import json
import logging
logging.basicConfig(level=logging.INFO)
logger = logging.getLogger("portfolio")
class PortfolioBuilder:
def __init__(self):
self.items = []
def portfolio_checklist(self):
return {
"online_presence": {
"website": "Personal website with services, blog, contact",
"linkedin": "Professional profile with security certifications",
"github": "Security tools, scripts, writeups",
"blog": "Technical writeups, CTF solutions, vulnerability research",
},
"credentials": {
"certifications": ["OSCP", "BSCP", "eJPT", "CEH", "CompTIA Security+"],
"bug_bounty": "HackerOne/Bugcrowd profile with findings",
"ctf": "CTF rankings and achievements",
"references": "Testimonials from previous clients",
},
"sample_deliverables": {
"pentest_report": "Redacted sample pentest report",
"methodology": "Your testing methodology document",
"tools": "Custom tools or scripts you have developed",
},
}
def client_acquisition(self):
return {
"channels": {
"platforms": ["Upwork", "Toptal", "Fiverr Pro", "Freelancer.com"],
"networking": ["BSides conferences", "OWASP meetups", "Security communities"],
"referrals": "Best source - deliver great work and ask for referrals",
"content_marketing": "Blog posts, YouTube tutorials, speaking at events",
"linkedin": "Connect with CTOs, CISOs, IT managers",
},
"pricing_strategy": {
"hourly": "เริ่มต้น 1,500-3,000 THB/hour",
"project": "คิดจาก scope + complexity + timeline",
"retainer": "Monthly security monitoring + quarterly pentest",
"value_based": "Price based on value to client, not time spent",
},
"proposal_template": {
"sections": [
"Executive Summary",
"Scope of Work",
"Methodology (OWASP, PTES)",
"Timeline and Milestones",
"Deliverables",
"Pricing",
"Terms and Conditions",
"About / Credentials",
],
},
}
builder = PortfolioBuilder()
checklist = builder.portfolio_checklist()
print("Portfolio:", json.dumps(checklist["online_presence"], indent=2))
acquisition = builder.client_acquisition()
print("\nChannels:", json.dumps(acquisition["channels"], indent=2))
print("\nPricing:", json.dumps(acquisition["pricing_strategy"], indent=2))FAQ คำถามที่พบบ่อย
Q: Burp Suite Community กับ Pro ต่างกันอย่างไร?
A: Community Edition ฟรี มี Proxy, Repeater, Decoder, Comparer แต่ Intruder ช้ามาก (throttled) ไม่มี Scanner, ไม่มี content discovery, ไม่ save projects Pro ($449/year) มี Scanner อัตโนมัติ Intruder เร็วเต็มที่ save/load projects ได้ content discovery extensions ทำงานเต็มที่ สำหรับเรียนรู้เริ่มจาก Community ได้ สำหรับทำงานจริง (freelance, pentest) ต้อง Pro เพราะ Scanner ประหยัดเวลามาก และ Intruder ที่เร็วจำเป็นสำหรับ brute force testing
Q: ต้องมี certification อะไรบ้างสำหรับ freelance pentester?
A: ไม่จำเป็นต้องมี cert เพื่อเริ่มทำ freelance แต่ช่วยสร้างความน่าเชื่อถือ แนะนำตามลำดับ eJPT ($249) เริ่มต้นง่าย พิสูจน์ basic skills, CompTIA Security+ ($404) พื้นฐาน recognized ทั่วโลก, BSCP ($99) จาก PortSwigger พิสูจน์ทักษะ web security โดยเฉพาะ, OSCP ($1,599) gold standard ของ pentesting ถ้ามี OSCP ได้งานง่ายมาก สำหรับตลาดไทย eJPT + portfolio ดีๆ เพียงพอสำหรับเริ่มต้น OSCP สำหรับลูกค้า international
Q: Bug Bounty กับ Pentest Freelance อันไหนรายได้ดีกว่า?
A: Pentest Freelance รายได้คงที่กว่า มี contract ชัดเจน ได้เงินแน่นอน เหมาะสำหรับสร้างรายได้หลัก Bug Bounty รายได้ไม่แน่นอน อาจหาไม่เจอ bug เลย หรือเจอ critical bug ได้เงินหลักแสน เหมาะเป็นรายได้เสริม แนะนำทำ Pentest Freelance เป็นหลัก Bug Bounty เป็นเสริมในเวลาว่าง Bug bounty ช่วยสร้าง portfolio ที่ดีเพราะมี public profile และ proven track record
Q: Pentest กับ Vulnerability Assessment ต่างกันอย่างไร?
A: Vulnerability Assessment (VA) สแกนหาช่องโหว่ด้วยเครื่องมืออัตโนมัติ (Nessus, Qualys) ให้รายการ vulnerabilities พร้อม severity ไม่ได้ exploit จริง ใช้เวลา 1-3 วัน ราคาถูกกว่า Penetration Testing (Pentest) ทดสอบเจาะระบบจริง ใช้ทั้งเครื่องมืออัตโนมัติและ manual testing พยายาม exploit vulnerabilities เพื่อพิสูจน์ impact ทดสอบ business logic flaws ที่ scanner จับไม่ได้ ใช้เวลา 1-4 สัปดาห์ ราคาแพงกว่า ทั้งสองจำเป็น VA ทำเป็นประจำ (quarterly) Pentest ทำปีละ 1-2 ครั้ง
