
Mapping the visible attack surface with Burp Suite

To discover locations that are available to audit, you need to map the target application's visible attack surface. This refers to the endpoints that are explicitly used by the domains you're testing. Make sure you map the entire application thoroughly, so that you don't miss anything interesting.

We recommend that you set an initial test scope before you start mapping the application, so that only traffic for the domains you are testing is added to the site map.

You can follow along with the process below using ginandjuice.shop, our deliberately vulnerable demonstration site.

Open Burp's browser and go to your target application.

Without closing the browser, go to Target > Site map. Notice that a node has been automatically added to represent the target domain. If no node is present, go to the Dashboard and make sure that the default Live passive crawl from Proxy task is running. This task adds items to the site map as traffic is proxied through Burp.

Explore the website to familiarize yourself with it and identify high-risk functionality. In Burp Suite Professional, while a Burp Scanner crawl runs, go back to Burp's browser and notice that the site map automatically populates as Burp Scanner discovers content. If you're using Burp Suite Community Edition, Burp Scanner is not available, so make sure you fully explore the application manually.

If you have any application login credentials, or are able to create your own user, log in and explore the authenticated areas of the site. For more information, see Application login options.

In the site map, notice that some endpoints are grayed out. These are items that Burp has discovered, for example from links in responses, but that have not yet been requested.
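The following is an added example, not Burp Suite's own code, that models the behaviour described above: proxied exchanges are filtered against an initial scope, in-scope requests are added to a site map, and links found in responses that have not yet been requested are tracked separately, which is what the grayed-out items in Burp's site map represent. The sample traffic, the hostnames other than ginandjuice.shop and all paths are constructed for illustration and are not the real site's layout.

```python
"""Toy model of a proxy-driven site map (added example, not Burp Suite code).

Mimics what the "Live passive crawl from Proxy" task does conceptually: every
proxied exchange whose URL is in scope is added to the site map, links found in
the response body are recorded too, and links that were seen but never requested
are kept apart (Burp shows those grayed out). Sample traffic is constructed.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field
from urllib.parse import urljoin, urlsplit

HREF_RE = re.compile(r'href="([^"]+)"', re.IGNORECASE)


def host_and_path(url: str) -> tuple[str, str]:
    """Split a URL into (hostname, path); the query string is dropped for simplicity."""
    parts = urlsplit(url)
    return (parts.hostname or "").lower(), parts.path or "/"


@dataclass
class Scope:
    """Initial test scope: only these hostnames are added to the site map."""
    hosts: frozenset[str]

    def contains(self, url: str) -> bool:
        return host_and_path(url)[0] in self.hosts


@dataclass
class SiteMap:
    scope: Scope
    # host -> paths that were actually requested through the proxy
    requested: dict[str, set[str]] = field(default_factory=dict)
    # host -> paths only seen as links in responses (would be grayed out)
    unrequested: dict[str, set[str]] = field(default_factory=dict)

    def record(self, url: str, response_body: str) -> bool:
        """Feed one proxied exchange. Returns False if the URL was out of scope."""
        if not self.scope.contains(url):
            return False
        host, path = host_and_path(url)
        self.requested.setdefault(host, set()).add(path)
        # Once requested, the item is no longer a grayed-out placeholder.
        self.unrequested.get(host, set()).discard(path)
        for href in HREF_RE.findall(response_body):
            target = urljoin(url, href)
            if not self.scope.contains(target):
                continue  # out-of-scope links (CDNs, trackers) are not mapped
            thost, tpath = host_and_path(target)
            if tpath not in self.requested.get(thost, set()):
                self.unrequested.setdefault(thost, set()).add(tpath)
        return True

    def entries(self) -> list[tuple[str, str, str]]:
        """Flattened site map as (host, path, state), sorted for display."""
        rows = [(h, p, "requested") for h, ps in self.requested.items() for p in ps]
        rows += [(h, p, "unrequested") for h, ps in self.unrequested.items() for p in ps]
        return sorted(rows)


# Constructed proxy traffic as (request URL, response body). Hostnames other than
# ginandjuice.shop and all paths are assumptions, not the real site's content.
SAMPLE_TRAFFIC = [
    ("https://ginandjuice.shop/",
     '<a href="/catalog">Catalog</a> <a href="/my-account">Account</a> '
     '<a href="/login">Log in</a> <a href="https://cdn.example.net/app.js">js</a>'),
    ("https://ginandjuice.shop/catalog",
     '<a href="/catalog/product?productId=1">Gin</a> '
     '<a href="/catalog/product?productId=2">Tonic</a>'),
    ("https://ginandjuice.shop/catalog/product?productId=1",
     '<a href="/cart">Add to cart</a> <a href="https://tracking.example.com/pixel">x</a>'),
    ("https://tracking.example.com/pixel", ""),  # out of scope: must be ignored
]


def build_site_map(traffic, in_scope_hosts=("ginandjuice.shop",)) -> SiteMap:
    """Replay captured traffic through the scope filter into a fresh site map."""
    site_map = SiteMap(Scope(frozenset(in_scope_hosts)))
    for url, body in traffic:
        site_map.record(url, body)
    return site_map


if __name__ == "__main__":
    for host, path, state in build_site_map(SAMPLE_TRAFFIC).entries():
        marker = " " if state == "requested" else "~"  # "~" stands in for grayed out
        print(f"{marker} {host}{path}")
```

Running the block prints the in-scope tree only: the tracker and CDN hosts never appear, and /cart, /login and /my-account show as unrequested until something requests them, after which they move to the requested set.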

