Mastering Burp Suite Pro

Instructed by Nicolas Grégoire

This training isn’t about Web hacking. Instead, this training is for Web hackers who want to master their toolbox.

Burp Suite Pro is the leading tool for auditing Web applications at large, but also a complex beast where new features get added every few weeks. Mastering Burp Suite Pro, including its newest features, allows testers to get the most out of the tool, optimizing time spent auditing and testing. Work will be faster (hotkeys!) and much more efficient (more tools, more possibilities!). Attendees will also learn to measure and assess the quality of their attacks, a crucial skill in real-life engagements that can make the difference between a false-negative and a critical finding.

Classes are limited. Get registered!

Learn the following key skills:

  • After an introduction to the training platform and its challenges, this day is spent on well-defined tasks where the goal is to find flags, like in CTF contests. We practice basic automation using tools like Proxy, Repeater and Intruder. The goal is to improve the speed of our interactions with the tool, while monitoring and self-assessing our attacks.
  • Challenges get more realistic: solving them requires a good understanding of the underlying application and the usage of multiple Burp Suite tools, possibly including extensions. Additionally, we keep working on the efficiency of the testing workflow (using shortcuts or extensions) and on self-monitoring (now with Logger++). The latter skill will prove itself invaluable when working on session handling rules.
  • Next, we dig deeper in advanced subjects. That covers authorization testing, custom active scanning, Web Services and much more! Built-in features are pushed to their limits, and extra ones provided by extensions are commonly used.


  • Computer (with appropriate WiFi connectivity)
  • 64-bit OS supported by Burp Suite Pro (Linux, Windows or Mac)
  • Administrative privileges (in order to configure network settings)
  • Recent version of the 64-bit Oracle JVM (possibly installed using the Burp bundles)
  • Burp Suite Pro license (I can provide temporary ones)
  • Modern browser (no IE6, no Epiphany)


Students should have:

  • Basic knowledge of Burp Suite (UI navigation, traffic interception and replay)

Intermediate to Advanced


In person Live Online


2024 - TBA


4 days


The training is aimed at Web application penetration testers and bug hunters, and will provide them with significant automation capabilities. We aim at a fast and comfortable testing workflow with as-short-as-possible feedback loops.

  • Standard Rate

Why choose the Center for Cyber Security Training

Interactive, classroom-based learning

Subject matter experts

Trusted by US government agencies

Nicolas Grégoire

Nicolas Grégoire (aka @Agarri_FR) has nearly 20 years of experience in penetration testing and auditing of networks and (mostly Web) applications. He is an official Burp Suite Pro trainer since 2015, and trained hundreds of people since then, either privately or during infosec events. Outside of that, he runs Agarri, an one-guy company where he finds security bugs for customers and for fun.

His public security research (that mostly deals with XML, XSLT and SSRF) was presented at numerous conferences around the world (HackInTheBox, ZeroNights, HackInParis, Nullcon, …).

He was also thanked by numerous vendors for responsibly disclosing vulnerabilities in their products and services, directly or through bug bounty programs.

I’ve been using BurpSuite for years but Agarri showed that I’ve never used more than 5% of the tool. Thanks for that awesome training!


Want more information?

Download Agarri's "Burp Suite Pro" course outline now.

Upcoming Training Sessions

October 10-13, 2023

Classes are limited.

Enroll Now.

Related Courses

Our classroom delivers the most in-demand content from the highest profile subject matter experts. Intense and interactive, our courses prepare students with actionable insight and proven strategies.


Corelan® Exploit Development: Advanced

Our four-day advanced course will teach students how the Windows 7 and Windows 10 Heap Manager works, and how to write exploits for complex heap-related memory corruptions for the Win32 platform in a fast-paced, interactive learning environment. Master the techniques you need to succeed in the field.


Tactical Exploitation: Windows/Unix

In this intense five-day course, students will learn a variety of covert techniques used to enter secure commercial facilities. From lock picking and key decoding to RFID cloning and alarm sensor bypassing, students who demonstrate hands-on proficiency in key tactics will earn a Certificate of Completion.

Looking for a course that's not here? We'd love to hear your suggestions!

Are you fully prepared to deal with today's increasing cyber security risks? We can help you get the training you need.


*We respect your privacy