Friday, August 4, 2017

Burp Suite - Spider


We use the Burp Suite Free Edition, which is installed on the Kali Linux operating system. Burp covers over 100 generic vulnerabilities, such as SQL injection and cross-site scripting (XSS), with great performance against all vulnerabilities in the OWASP Top 10.
In this post we use the “Spider” tool in Burp Suite. Burp Spider is a tool for automatically crawling web applications. While it is generally preferable to map applications manually, you can use Burp Spider to partially automate this process for very large applications, or when you are short of time.
I used the Google Gruyere website for testing purposes. This website is vulnerable to various issues such as cross-site scripting and SQL injection.

First of all, I configured the proxy in the web browser (IP address: 127.0.0.1).
Then visit the website: https://google-gruyere.appspot.com/

Then open Burp Suite. To access this website in the browser, you should forward all data packets from the Burp Suite “Target” section.
In the site map section, all the websites that have been accessed are listed. From there I found https://google-gruyere.appspot.com/. Then I right-clicked on it and selected “Spider this host”.

By going to Spider -> Control, I can make sure that the spider is running properly.

Once I clicked on “Spider this host”, Burp Suite started to scan through the website. Finally, it displays all the web pages (HTML, text files) in its middle section.

Here you go. You have retrieved all the web pages on the website.
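
What “Spider this host” does conceptually, as an added example (not Burp's implementation and not code from the original post): a breadth-first crawl that follows links and form actions but never leaves the starting host. The `app.example` pages are constructed sample data, and `spider_host` and `LinkParser` are hypothetical names chosen for this sketch.

```python
from collections import deque
from html.parser import HTMLParser
from urllib.parse import urljoin, urldefrag, urlsplit

# Constructed sample site (not real Gruyere content): URL -> HTML body.
PAGES = {
    "https://app.example/": '<a href="/login">Sign in</a> <a href="snippets.gtl">Snippets</a>'
                            '<a href="https://other.example/ad">Ad</a>',
    "https://app.example/login": '<form action="/login" method="post"></form><a href="/#top">Home</a>',
    "https://app.example/snippets.gtl": '<a href="/feed.txt">Feed</a> <a href="mailto:a@app.example">Mail</a>',
    "https://app.example/feed.txt": "plain text, no links",
}

class LinkParser(HTMLParser):
    """Collects href/src/action attribute values, the places a spider finds new URLs."""
    def __init__(self):
        super().__init__()
        self.links = []
    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in ("href", "src", "action") and value:
                self.links.append(value)

def spider_host(start, fetch):
    """Breadth-first crawl limited to the start URL's scheme and host."""
    scope = urlsplit(start)[:2]          # (scheme, netloc) defines the scope
    site_map, out_of_scope = [], set()
    queue, seen = deque([start]), {start}
    while queue:
        url = queue.popleft()
        body = fetch(url)                # returns None for unknown pages
        if body is None:
            continue
        site_map.append(url)
        parser = LinkParser()
        parser.feed(body)
        for link in parser.links:
            target = urldefrag(urljoin(url, link)).url  # absolute, fragment dropped
            if urlsplit(target)[:2] != scope:
                out_of_scope.add(target)  # recorded but never requested
            elif target not in seen:
                seen.add(target)
                queue.append(target)
    return site_map, sorted(out_of_scope)

if __name__ == "__main__":
    pages, skipped = spider_host("https://app.example/", PAGES.get)
    print("site map:", pages)
    print("out of scope:", skipped)
```

The returned list plays the role of the site map tree; the second list shows what the scope check kept the crawl from requesting.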





