Review: Burp Suite Certified Practitioner (BSCP)

Tips for passing the BSCP on your first attempt.
Introduction
For anyone who has been in the world of hacking for a while, Burp Suite is a must-have tool. PortSwigger, the company behind Burp, offers the BSCP (Burp Suite Certified Practitioner) certification, designed to teach you various web hacking techniques. Throughout this certification, you will learn to exploit vulnerabilities such as Prototype Pollution and more advanced attacks such as HTTP Request Smuggling.
Preparation
My preparation began by solving all the labs in each section. First, I completed the server-side topics, then moved on to the client-side ones, and finally worked on the advanced topics.
While going through the labs, I also practiced with random labs. This helped me a lot because the exam is unpredictable—you don’t know which vulnerability you’ll get. Random labs are great for getting used to this environment since they don’t give you any hints on what to look for.
The Exam
The exam lasts four hours, and you must hack two web applications. In each application, you need to complete three stages:
- Gain access as an unprivileged user.
- Escalate to an administrator user.
- Read a file on the server.
Before starting, you must download Examinity, the application that will monitor you throughout the test (currently it is compatible with all operating systems; when I completed the certification in August 2024, it was only compatible with Windows). It’s essential to have an ID on hand, since you won’t be able to take the exam without it. Additionally, having Burp Suite Professional is a requirement, as at the end of the exam you will be asked to upload a file with the logs of your activity.
I must admit that I was very nervous at the beginning of the exam because this certification is quite demanding. Due to its complexity and duration, it’s common to fail on the first attempt.
During the exam, I solved the first web application quite easily. However, in the second one, I got stuck on the final phase—reading the file from the server. I didn’t realize that the vulnerability had been right in front of me the entire time. After analyzing for a while, I finally managed to exploit the vulnerability, completing the exam on my first attempt.
Tips
- Focus on each stage: Don’t waste time looking for vulnerabilities you don’t need yet. For example, don’t get obsessed with finding an OS Command Injection in the first stage if you haven’t even accessed the admin panel.

[Image: Vulnerabilities by stages]
- Use Burp Scanner to your advantage: Time is very limited, so I recommend running Burp Scanner in the background while performing manual tests. This can save you work and help you spot vulnerabilities you might otherwise miss.
- Practice with random labs: This is a key part of your preparation and shouldn’t be overlooked. It closely resembles the exam since you won’t know what vulnerability you’re dealing with until you check the hint. However, for a more realistic preparation, I recommend not looking at the hint and trying to solve it on your own.
- Use polyglots to identify vulnerable inputs: I recommend using the `'"%)}<>` polyglot on every input you find, as it can be very helpful in identifying whether an input is vulnerable. I learned this from a video by Andrés Roldán, where he shared his experience with the certification.
- Create your cheat sheet: I recommend that you prepare a cheat sheet with all the payloads you use during your preparation. This will be of great help in the exam, as you will find vulnerabilities similar to those in the labs and be able to exploit them more quickly.
- Always take vulnerabilities one step further: When studying a vulnerability, don’t exploit it exactly as shown in the lab. Instead, think about how you could achieve a bigger impact with that vulnerability. What do I mean by this? For example, if you are practicing XSS, don’t settle for just exploiting XSS as you were instructed to do in the lab. Instead, try creating a payload that allows you to steal a session cookie.
This mindset will help you a lot during the exam because you’ll need to take the vulnerabilities one step further to be successful.
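The polyglot tip above is really a reflection test: you submit a string of characters that matter in different injection contexts and look at how each one comes back. As an added example (not code from the post, from Andrés Roldán, or from PortSwigger), the Python below wraps the post's polyglot in a constructed canary marker so the reflected copy can be located in a response, then reports which characters came back verbatim and which were neutralised. Two constructed response renderers stand in for a server that echoes input raw and one that HTML-encodes it; the renderer names, the canary value and the result format are all assumptions for this example.

```python
import html
import re
from typing import Optional

# The polyglot string recommended in the post, exactly as written there.
POLYGLOT = '\'"%)}<>'

# Constructed marker wrapped around the polyglot so the reflected copy can be
# located even when the page itself contains quotes or angle brackets.
CANARY = "bscpq"


def probe_value(polyglot: str = POLYGLOT, canary: str = CANARY) -> str:
    """Build the value to submit: canary + polyglot + canary."""
    return f"{canary}{polyglot}{canary}"


def classify_reflection(body: str, polyglot: str = POLYGLOT,
                        canary: str = CANARY) -> Optional[dict]:
    """Locate the probe between its canaries in a response body and report
    which polyglot characters were reflected verbatim and which were
    neutralised (encoded or stripped). Returns None if the probe does not
    appear in the response at all."""
    pattern = re.escape(canary) + r"(.*?)" + re.escape(canary)
    match = re.search(pattern, body, re.S)
    if match is None:
        return None
    reflected = match.group(1)
    verbatim = {ch for ch in polyglot if ch in reflected}
    return {
        "reflected": reflected,
        "verbatim": verbatim,
        "neutralised": set(polyglot) - verbatim,
    }


# Constructed server response that echoes the input raw into HTML
# (the behaviour the polyglot is meant to surface).
def render_unsafe(value: str) -> str:
    return f"<p>Results for {value}</p>"


# Constructed server response that HTML-encodes the input before embedding it.
def render_safe(value: str) -> str:
    return f"<p>Results for {html.escape(value, quote=True)}</p>"


if __name__ == "__main__":
    probe = probe_value()
    for name, render in (("unsafe", render_unsafe), ("safe", render_safe)):
        result = classify_reflection(render(probe))
        print(f"{name}: verbatim={''.join(sorted(result['verbatim']))!r} "
              f"neutralised={''.join(sorted(result['neutralised']))!r}")
```

Reading the result is the useful part. If quotes and angle brackets come back verbatim inside HTML, the application is not output-encoding that parameter and that input deserves closer attention. If only `%`, `)` and `}` survive, HTML encoding is in place and those characters are harmless in an HTML body; they only matter if the same value is also used in a URL, a template expression or a script block, so the next question is where else the value is reflected. A missing probe (None) means the input is not reflected in that response, which is worth recording so you do not keep revisiting it under time pressure.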
Recommended Extensions and Tools
During the exam, you can use several extensions that will make your analysis easier. Some of the most useful ones are:
- HTTP Request Smuggler: This extension is extremely helpful when looking for HTTP Request Smuggling. I recommend not interacting with the page while using it, as it could affect the scan results.
- Param Miner: Helps identify hidden parameters, which is especially useful for finding web cache poisoning vulnerabilities.
- JWT Editor: Perfect when working with JWT as it allows you to view and manipulate them easily.
- InQL - GraphQL Scanner: Makes detecting GraphQL endpoints easier and allows for quick analysis.
- Ysoserial: Generates serialized Java objects used to test insecure deserialization, which can be crucial for certain security tests.
- Sqlmap: Needs no introduction 😆. My recommendation is that when you find an endpoint vulnerable to SQLi, tell sqlmap which injection technique you have already identified rather than letting it try everything, to speed up the process. Also, in some cases, the `--random-agent` parameter can be very helpful.
Other Useful Resources
- BSCP Exam Analysis - Micah Van Deusen
- Andrés Roldán’s Video on His Experience with the BSCP
- PortSwigger Web Security: Exam Hints and Guidance
My Certificate

[Image: Certificate]