This is all cool but the problem I have now is that I go on a website like google gruyere or OWASP Juice Shop and I have no idea what to do. I start burp and am quite lost
Also when I was trying to do the portswigger academy I couldn’t login for whatever reason so I couldn’t do the labs to train, but I feel like they’ll be the same thing, throwing you out there with the tools but no info on how to use them. Any help?
Well, at least how I see it, “hacking” is learned by getting your hands dirty and figuring stuff out by reading blogs, watching youtube videos, and spending a lot of time in the mud. Don’t be afraid of walkthroughs of HTB retired boxes while you’re learning. They’ll be a wealth of information.
Unfortunately, that’s how a lot of jobs are - here are the tools, figure it out. I mean, I’ve been at it for years, and I still feel like a complete moron daily. Granted, I’m just a lifelong “amateur” hacker, and I don’t work in the industry.
So tighten up those googling skills, figure out why you can’t login to portswigger, and just hammer away at it. Can’t use Burp? Google it. Can’t enumerate directories? Google it. Don’t know what port forwarding is? Google it.
Google has the answers to everything, but It won’t be easy, and you’ll never feel like you have a full grasp of everything out there.