Precisely a web crawler maps the structure of a website by browsing all its inner pages. The crawler is also referred to as a spider or automatic indexer.

Burp Suite has its own spider, called the Burp Spider. The Burp Spider is a program that crawls all the pages of a target specified in the scope. Before starting the Burp Spider, Burp Suite has to be configured to intercept the HTTP traffic.

Like any other GUI/Windows tool, Burp Suite contains a standard menu bar, 2 rows of tabs and a different set of panels, as seen below.

In the above figure there are mainly 4 sections. They are described against the corresponding numbers as follows:

1. Tool & Options selector Tabs – Select between the various tools and settings of Burp Suite.
2. Sitemap View – Displays the sitemap once the spider has started.
3. Requests Queue – Displays the requests being made.
4. Request/Response Details – The HTTP requests made and the responses from the servers.

The above figure shows the options and details about the target.

Spidering is a major part of recon while performing web security tests. It helps the pentester to identify the scope and architecture of the web application. As described earlier, Burp Suite has its own spider, called the Burp Spider, which can crawl a website.

Scenario:

- Attacker – Kali Linux VM, IP = 192.168.0.105
- Target – OWASP Broken Web Application VM, IP = 192.168.0.160

First, start Burp Suite and check the details under the Proxy tab in the Options sub-tab. Ensure the IP is the localhost IP and the port is 8080.
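To make the idea of a scope-limited crawl concrete, here is an added example (not from the original post and not Burp's implementation) of a breadth-first spider that builds a site map and records, without requesting, any link outside the scope. It assumes scope means "same host as the target"; the `PAGES` site, `LinkParser`, `in_scope` and `spider` are constructed for illustration, and the crawl runs offline against the embedded pages.

```python
from collections import deque
from html.parser import HTMLParser
from urllib.parse import urljoin, urldefrag, urlparse

# Constructed sample site (not captured traffic): URL -> HTML body.
PAGES = {
    "http://192.168.0.160/": '<a href="/login.php">Login</a> <a href="about.html#team">About</a>',
    "http://192.168.0.160/login.php": '<form action="/auth.php"></form> <a href="/">Home</a>',
    "http://192.168.0.160/about.html": '<a href="http://example.com/">Vendor</a> <a href="/login.php">Login</a>',
    "http://192.168.0.160/auth.php": "",
}

class LinkParser(HTMLParser):
    """Collect link targets from <a href> and <form action>."""
    def __init__(self):
        super().__init__()
        self.links = []
    def handle_starttag(self, tag, attrs):
        wanted = {"a": "href", "form": "action"}.get(tag)
        for name, value in attrs:
            if name == wanted and value:
                self.links.append(value)

def in_scope(url, scope_host):
    # Assumed scope rule for this example: same host as the target.
    return urlparse(url).hostname == scope_host

def spider(start_url, scope_host, fetch=PAGES.get):
    """Breadth-first crawl; returns (site_map, out_of_scope)."""
    site_map, out_of_scope = {}, set()
    queue = deque([start_url])
    while queue:
        url = queue.popleft()
        if url in site_map:          # already crawled
            continue
        parser = LinkParser()
        parser.feed(fetch(url) or "")
        site_map[url] = []
        for href in parser.links:
            # Resolve relative links and drop #fragments before comparing.
            target = urldefrag(urljoin(url, href)).url
            if not in_scope(target, scope_host):
                out_of_scope.add(target)   # recorded, never requested
            elif target not in site_map[url]:
                site_map[url].append(target)
                queue.append(target)
    return site_map, out_of_scope

if __name__ == "__main__":
    print(spider("http://192.168.0.160/", "192.168.0.160"))
```

The returned `site_map` corresponds to what the Sitemap View displays, and the `out_of_scope` set shows why the scope must be set before a crawl starts.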