Type your comment> @TazWake said:
@wh4ck said:
This is all cool but the problem I have now is that I go on a website like google gruyere or OWASP Juice Shop and I have no idea what to do. I start burp and am quite lost
You need to determine where you need to start. Web application attacks are complicated and can range from simple to super-advanced exploitation. If you have limited experience, then it might be better to look at the more foundational things.
Also when I was trying to do the portswigger academy I couldn’t login for whatever reason
You need to create an account then you can log in. If you can’t login, it’s probably worth trying to find out why. If you’ve forgotten your password you can reset it.
so I couldn’t do the labs to train, but I feel like they’ll be the same thing,
Well, it depends. Portswigger has some of the best content for learning web application security - for example:
Web cache poisoning | Web Security Academy
You don’t need an account to see that, the academy access is more for the labs to practice this.
throwing you out there with the tools but no info on how to use them. Any help?
There is a lot of information out there - but you really need to look for it if you want it for free. It is very hard for other people to point you at things which you will understand rather than the things they understand.
There are countless places to look with content on places like Pluralsight, Cybrary, Udemy, Tutorialspoint, Guru99, Hackingarticles etc.
If the free information isn’t working then the only real alternative is to fund some formal training.
As always you present some of the best information for everyone IMO. Learning web application attacks can be hard, but it’s about breaking these attacks apart and learning the foundations of these attacks individually.