Passive Crawling with Burp Suite

Web application pentesting tools can be very helpful when performing penetration tests.

In this lab exercise, we will take a look at how to use Burp Suite to perform passive crawling on the Mutillidae web application.

Task:

Lab Environment

In this lab environment, you will be provided with GUI access to a Kali machine. The target machine running the Mutillidae web application will be accessible at demo.ine.local.

Objective: Perform passive crawling on the web application with Burp Suite.

Tools

The best tools for this lab are:

  • Nmap

  • Burp Suite

Solutions:

Step 1: Open the lab link to access the Kali machine.

Step 2: Check if the target machine is reachable:

Command:

The target is reachable.

Step 3: Run an nmap scan against the target:

Command:

Ports 80 and 3306 are open.

Step 4: Access the web application using Firefox.

Command:

Step 5: The target is running OWASP Mutillidae II. Configure the Firefox browser to use the Burp Suite proxy.

Step 6: Start Burp Suite.

Go to the Proxy tab and turn Intercept off.

Step 7: Navigate to the Dashboard tab.

You will see that Passive Crawling is enabled.

Browse the Mutillidae application, and Burp will automatically crawl the visited pages.

The passive crawler statistics are displayed.

Step 8: Go to the "HTTP history" tab under Proxy.

The visited web pages will appear under this tab.

Step 9: Navigate to the “Target” tab, and the sitemap of the web application will be displayed.
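
To show what passive crawling amounts to, the following added example (not part of the original lab and not Burp Suite's own code) builds a site map purely from traffic that has already passed through a proxy, without sending any request of its own. The history entries, paths and the `passive_site_map` helper are constructed for illustration; only the host name comes from the lab.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Constructed sample of proxy history: (requested URL, response body).
# Host matches the lab target; paths and markup are made up for illustration.
HISTORY = [
    ("http://demo.ine.local/index.php",
     '<a href="index.php?page=login.php">Login</a>'
     '<a href="/documentation/usage.php">Docs</a>'
     '<script src="http://cdn.example.test/lib.js"></script>'),
    ("http://demo.ine.local/index.php?page=login.php",
     '<form action="index.php?page=login.php" method="post"></form>'
     '<a href="index.php?page=register.php">Register</a>'
     '<img src="images/logo.png">'),
]

class LinkExtractor(HTMLParser):
    """Collects URL-bearing attributes from a response body."""
    URL_ATTRS = {"href", "src", "action"}

    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        self.links += [v for k, v in attrs if k in self.URL_ATTRS and v]

def passive_site_map(history, scope_host):
    """Build a site map from traffic already seen; sends no requests."""
    visited = {url for url, _ in history}
    discovered = set()
    for base_url, body in history:
        parser = LinkExtractor()
        parser.feed(body)
        for link in parser.links:
            absolute = urljoin(base_url, link)  # resolve relative links
            if urlsplit(absolute).hostname == scope_host:  # stay in scope
                discovered.add(absolute)
    return {"visited": sorted(visited),
            "unrequested": sorted(discovered - visited)}

if __name__ == "__main__":
    site_map = passive_site_map(HISTORY, "demo.ine.local")
    for state, urls in site_map.items():
        for url in urls:
            print(f"{state:12} {url}")
```

The "unrequested" entries are URLs that were seen in responses but never browsed, and the out-of-scope CDN link is dropped.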

Conclusion

In this lab, we saw how to use Burp Suite to perform passive crawling on a web application.