WEBVTT

0:00:06.080000 --> 0:00:10.960000
So we now have a pretty good idea as to, you know, how to utilize Burp

0:00:10.960000 --> 0:00:15.220000
Suite, you know, in a general perspective with regards to the user interface,

0:00:15.220000 --> 0:00:17.700000
we've taken a look at the target and the scope.

0:00:17.700000 --> 0:00:22.000000
Let's take a look at a practical example now in the form of a live lab.

0:00:22.000000 --> 0:00:26.160000
And in this case, the example of the scenario we'll be exploring is the

0:00:26.160000 --> 0:00:29.320000
process of performing passive crawling with Burp Suite.

0:00:29.320000 --> 0:00:33.120000
So again, very similar to what we did in the previous video, now just

0:00:33.120000 --> 0:00:34.600000
in the form of a lab environment.

0:00:34.600000 --> 0:00:39.580000
And again, I'll be showing you or utilizing the target and the scope functionality

0:00:39.580000 --> 0:00:43.940000
and the passive crawler to show you the important pieces of information

0:00:43.940000 --> 0:00:49.360000
you can find, you know, through just, you know, finding hidden files or,

0:00:49.360000 --> 0:00:53.720000
you know, sort of building out a site map of a, of a target site or a

0:00:53.720000 --> 0:00:57.840000
site that is within this scope, you know, that you're actually testing.

0:00:57.840000 --> 0:01:01.040000
So this video has a lab environment attached to it.

0:01:01.040000 --> 0:01:03.380000
All you need to do is just start up the lab.

0:01:03.380000 --> 0:01:07.500000
You can watch the video, then move on to the lab or you can essentially,

0:01:07.500000 --> 0:01:12.380000
you know, go through it with me, but it is fairly simple.

0:01:12.380000 --> 0:01:17.040000
So I'll be switching over to the lab environment after which you can join

0:01:17.040000 --> 0:01:21.400000
me. So I'll see you there.

0:01:21.400000 --> 0:01:25.200000
All right. So I am back within the lab environment.

0:01:25.200000 --> 0:01:29.060000
So you'll be provided with a Kali Linux system already pre-configured

0:01:29.060000 --> 0:01:33.040000
and it already has Burp Suite installed, although it may be an older edition

0:01:33.040000 --> 0:01:37.000000
or an older version, the features that we require all exist.

0:01:37.000000 --> 0:01:40.960000
So the first thing you need to do is identify the target's IP address.

0:01:40.960000 --> 0:01:42.300000
So there's no real domain here.

0:01:42.300000 --> 0:01:44.240000
So that's perfectly fine.

0:01:44.240000 --> 0:01:48.360000
I'll open up a terminal and just type in the ifconfig command.

0:01:48.360000 --> 0:01:53.340000
And you want to take a look at the interface, Ethernet one, and this is

0:01:53.340000 --> 0:01:55.340000
the Kali Linux IP address.

0:01:55.340000 --> 0:01:59.940000
So within the INE labs, the target is always going to be the next IP

0:01:59.940000 --> 0:02:03.640000
address within the subnet that the Kali Linux system is on.

0:02:03.640000 --> 0:02:05.600000
So in your case, your IP will be different.

0:02:05.600000 --> 0:02:11.620000
However, globally speaking, the Kali Linux IP is always the second IP

0:02:11.620000 --> 0:02:12.560000
within the subnet.

0:02:12.560000 --> 0:02:15.720000
So you can see that is also going to be the same for you, although the

0:02:15.720000 --> 0:02:17.140000
subnet will be different.

0:02:17.140000 --> 0:02:20.660000
All you need to do is just copy this and change the two at the end to

0:02:20.660000 --> 0:02:23.140000
a three. And that is the target IP.

0:02:23.140000 --> 0:02:24.180000
So I'll just copy this.

0:02:24.180000 --> 0:02:28.460000
And if we try and ping this, you should be able to see, I'll replace it

0:02:28.460000 --> 0:02:30.040000
to a three. And there we are.

0:02:30.040000 --> 0:02:32.800000
So we're actually getting responses.

0:02:32.800000 --> 0:02:37.180000
And of course, what that means is that this particular site is reachable.

0:02:37.180000 --> 0:02:41.580000
And of course, we can perform a quick Nmap scan on it to see if we

0:02:41.580000 --> 0:02:43.040000
have a web server on it.

0:02:43.040000 --> 0:02:47.240000
So I'll just paste in the IP I copied, changed the two to a three.

0:02:47.240000 --> 0:02:51.240000
And in this case, we're just performing some quick service version detection

0:02:51.240000 --> 0:02:55.280000
scanning on the target IP on port 80.

0:02:55.280000 --> 0:02:58.640000
So in this case, you can see we do indeed have a web server running.

0:02:58.640000 --> 0:03:01.100000
In this case, it's just an Apache web server.

0:03:01.100000 --> 0:03:04.920000
So I'll open up my browser, which in this case is going to be Firefox.

0:03:04.920000 --> 0:03:09.400000
And you can see it already comes pre preconfigured with proxy or rather

0:03:09.400000 --> 0:03:13.840000
FoxyProxy. I'll paste in the IP, change the two to a three.

0:03:13.840000 --> 0:03:18.400000
And in this case, the vulnerable web application is OWASP Mutillidae, which

0:03:18.400000 --> 0:03:22.380000
is again, a deliberately vulnerable web application that you may be familiar

0:03:22.380000 --> 0:03:26.340000
with. That is great for learning about web application vulnerabilities

0:03:26.340000 --> 0:03:28.620000
and how to exploit them.

0:03:28.620000 --> 0:03:32.060000
All right. So now that we have that done, we can open up the Kali menu

0:03:32.060000 --> 0:03:35.900000
here and head over to web application analysis.

0:03:35.900000 --> 0:03:37.480000
And we want to launch Burp Suite.

0:03:37.480000 --> 0:03:40.960000
So you can see this is a slightly older version, but again, it'll work.

0:03:40.960000 --> 0:03:42.340000
So this is the community edition.

0:03:42.340000 --> 0:03:45.840000
We'll create a temporary project and we'll use the defaults.

0:03:45.840000 --> 0:03:50.640000
And I'm also going to enable the Burp Suite profile under FoxyProxy here,

0:03:50.640000 --> 0:03:52.460000
which is already set up for you.

0:03:52.460000 --> 0:03:54.180000
So you don't need to do it yourself.

0:03:54.180000 --> 0:03:58.660000
And we'll open up Burp Suite here and I'll hit OK.

0:03:58.660000 --> 0:04:00.400000
And you can see we have the active crawler.

0:04:00.400000 --> 0:04:02.880000
So everything is pretty much the same.

0:04:02.880000 --> 0:04:07.780000
And what you can do then here is again, if you want to configure the options,

0:04:07.780000 --> 0:04:11.920000
you can go into the user options or the configuration library.

0:04:11.920000 --> 0:04:16.320000
You also have the ability to modify the if we take a look at project,

0:04:16.320000 --> 0:04:18.320000
project options.

0:04:18.320000 --> 0:04:22.720000
We should have the ability to modify this one, the user options under

0:04:22.720000 --> 0:04:26.120000
display. You should be able to modify this.

0:04:26.120000 --> 0:04:31.000000
So you have a Metal look, you have a GTK and also Darcula, which will

0:04:31.000000 --> 0:04:32.240000
change it into dark.

0:04:32.240000 --> 0:04:35.220000
And of course, you then need to restart it.

0:04:35.220000 --> 0:04:38.820000
So again, just showing you how this would work within the labs in case

0:04:38.820000 --> 0:04:41.420000
you want a dark look and feel.

0:04:41.420000 --> 0:04:42.580000
So there we are.

0:04:42.580000 --> 0:04:46.280000
You can see we get our all favorite dark look here, although it's not

0:04:46.280000 --> 0:04:48.360000
the same that we have on the latest version.

0:04:48.360000 --> 0:04:50.680000
But again, this will work just fine.

0:04:50.680000 --> 0:04:51.520000
So there we are.

0:04:51.520000 --> 0:04:57.180000
We'll hit OK.
And actually for the sake of simplicity, because I need

0:04:57.180000 --> 0:05:03.100000
all of these options to be visible, I'll change this back to the Metal

0:05:03.100000 --> 0:05:04.320000
right over here.

0:05:04.320000 --> 0:05:05.600000
And I'll just restart this.

0:05:05.600000 --> 0:05:07.460000
So I do apologize.

0:05:07.460000 --> 0:05:10.560000
But that should be perfectly fine.

0:05:10.560000 --> 0:05:14.820000
We're not missing anything so far.

0:05:14.820000 --> 0:05:17.480000
And we'll give it a couple of seconds.

0:05:17.480000 --> 0:05:20.180000
So there we are next and start up Burp.

0:05:20.180000 --> 0:05:23.220000
And that's the Metal look, which I personally like.

0:05:23.220000 --> 0:05:25.240000
And I'll just hit OK.

0:05:25.240000 --> 0:05:25.840000
So there we are.

0:05:25.840000 --> 0:05:27.660000
So you have the same panes here.

0:05:27.660000 --> 0:05:30.320000
You have the live passive crawl, which is currently active.

0:05:30.320000 --> 0:05:35.380000
And we then have the issue pane here, the advisory and the event log.

0:05:35.380000 --> 0:05:39.920000
So the event log tells us that, you know, the proxy service started successfully.

0:05:39.920000 --> 0:05:42.020000
All of it is good under proxy.

0:05:42.020000 --> 0:05:46.580000
We can see that we there's a GET request being made by Firefox.

0:05:46.580000 --> 0:05:50.620000
So we can just forward this or just disable this temporarily.

0:05:50.620000 --> 0:05:54.180000
And if we go into the HTTP history, we can see that there.

0:05:54.180000 --> 0:05:57.880000
We also have the WebSockets history and the options here.

0:05:57.880000 --> 0:06:01.120000
But the first thing we want to do is configure our scope.

0:06:01.120000 --> 0:06:05.280000
So in this case, we would simply need to add our scope here.

0:06:05.280000 --> 0:06:09.360000
So, you know, we can just say or paste in the IP and change that to a

0:06:09.360000 --> 0:06:12.580000
three and just hit OK and hit yes.

0:06:12.580000 --> 0:06:16.860000
All right. And on the proxy, I'm going to disable intercept.

0:06:16.860000 --> 0:06:20.760000
There we are. That's off, and we go to the target and to the site map.

0:06:20.760000 --> 0:06:23.040000
We can now go ahead and begin browsing.

0:06:23.040000 --> 0:06:25.240000
So I will just refresh this.

0:06:25.240000 --> 0:06:27.940000
So we get the initial site map at least.

0:06:27.940000 --> 0:06:33.820000
And if we take a look at Burp now, we have the actual target or site in

0:06:33.820000 --> 0:06:38.640000
scope. And, you know, just by refreshing the page, this is what we were

0:06:38.640000 --> 0:06:42.160000
able to get, you know, just by passive passively crawling.

0:06:42.160000 --> 0:06:46.920000
We have the documentation for Mutillidae, a documentation folder.

0:06:46.920000 --> 0:06:48.400000
We have an includes folder.

0:06:48.400000 --> 0:06:51.480000
And of course, we have a PHP folder, but nothing else.

0:06:51.480000 --> 0:06:54.900000
But we also have a setup PHP database

0:06:54.900000 --> 0:06:56.800000
script here, which is interesting.

0:06:56.800000 --> 0:06:59.320000
So you can always right click on a particular file.

0:06:59.320000 --> 0:07:03.680000
And you can open this up in your browser, but you can just copy the URL

0:07:03.680000 --> 0:07:07.760000
here. If you wanted to explore what the file contains, if I say paste

0:07:07.760000 --> 0:07:12.040000
and go, you can see that in this case, this looks like a database setup

0:07:12.040000 --> 0:07:16.160000
script. So the reason why I'm showing you this is primarily because in

0:07:16.160000 --> 0:07:19.800000
certain cases in development environments or on web applications that

0:07:19.800000 --> 0:07:23.840000
are still in development, you may see interesting files like this that

0:07:23.840000 --> 0:07:28.140000
could potentially lead you to discovering hidden functionality or the

0:07:28.140000 --> 0:07:29.980000
ability to even manipulate the website.

0:07:29.980000 --> 0:07:33.540000
But of course, that is quite extreme in this case.

0:07:33.540000 --> 0:07:38.280000
So again, you know, if we wanted to view the GET request and modify them,

0:07:38.280000 --> 0:07:41.520000
we can do that. We have the crawler active.

0:07:41.520000 --> 0:07:45.340000
So again, what we can pretty much do now is, you know, if we head back

0:07:45.340000 --> 0:07:50.680000
over, you can see that we can log in and register or log in or register

0:07:50.680000 --> 0:07:52.540000
and I'll show you what this looks like.

0:07:52.540000 --> 0:07:59.480000
So for example, if we take a look at Burp Suite here and we go into the

0:07:59.480000 --> 0:08:03.720000
proxy and we turn on intercept and we know we try and log in with something

0:08:03.720000 --> 0:08:10.300000
like admin or rather typed that incorrectly, admin and password.

0:08:10.300000 --> 0:08:12.900000
And we log in, that'll be intercepted.

0:08:12.900000 --> 0:08:16.720000
So there we are.

0:08:16.720000 --> 0:08:18.320000
We see the parameters that we've passed.

0:08:18.320000 --> 0:08:21.600000
So we have the username and the password.

0:08:21.600000 --> 0:08:24.640000
And this is where the intruder would typically come into play.

0:08:24.640000 --> 0:08:28.100000
We will be able to take this GET request and we can see the actual variables

0:08:28.100000 --> 0:08:32.540000
and the values of the parameters and the values like the username parameter

0:08:32.540000 --> 0:08:35.700000
and the password parameter.

0:08:35.700000 --> 0:08:39.520000
And then we can sort of substitute this with our own values and then conduct

0:08:39.520000 --> 0:08:42.360000
a brute force attack with Burp Suite, right?

0:08:42.360000 --> 0:08:43.480000
So fairly simple.

0:08:43.480000 --> 0:08:47.780000
What this means, you know, in this case, we're logging in as admin and

0:08:47.780000 --> 0:08:51.840000
password.
But if I send this to the actual repeater where we can view

0:08:51.840000 --> 0:08:56.580000
responses, you know, if we say admin, password and send it, you can see

0:08:56.580000 --> 0:09:00.960000
that in this case, the response, if we render it, let's render the page

0:09:00.960000 --> 0:09:03.780000
here and we'll give it a couple of seconds.

0:09:03.780000 --> 0:09:06.900000
That should render without an issue, I think.

0:09:06.900000 --> 0:09:09.640000
But we have the raw HTML.

0:09:09.640000 --> 0:09:11.880000
Doesn't look like that's being rendered.

0:09:11.880000 --> 0:09:16.680000
But if we take a look at the raw HTML here, does it look like we logged

0:09:16.680000 --> 0:09:24.440000
in? We get an HTTP 200 OK response and we don't get any successful messages.

0:09:24.440000 --> 0:09:28.140000
But if we take a look at the render here, for some reason, it isn't being

0:09:28.140000 --> 0:09:32.840000
displayed. So we have the HTML there, the headers, so it's OK.

0:09:32.840000 --> 0:09:36.040000
If we change this to something like Alexis for the username and then

0:09:36.040000 --> 0:09:39.380000
send that. You can see that that's also OK.

0:09:39.380000 --> 0:09:43.080000
But what we'll do, we'll go back to the proxy and we'll forward that.

0:09:43.080000 --> 0:09:44.960000
We'll also forward that as well.

0:09:44.960000 --> 0:09:46.940000
We take a look at the response in Firefox.

0:09:46.940000 --> 0:09:49.160000
You can see the password is incorrect.

0:09:49.160000 --> 0:09:52.420000
So again, I'm just showing you how you can again find potentially interesting

0:09:52.420000 --> 0:09:55.120000
files within the site map.

0:09:55.120000 --> 0:09:58.240000
So, you know, there we are, you know, how you can perform passive crawling

0:09:58.240000 --> 0:10:03.320000
with Burp Suite. And now you can identify a really cool or really interesting

0:10:03.320000 --> 0:10:05.300000
files and directories.

0:10:05.300000 --> 0:10:08.860000
So let's keep on navigating for a little bit.

0:10:08.860000 --> 0:10:12.420000
You can see we have OWASP 2017.

0:10:12.420000 --> 0:10:19.300000
If we try and take a look at 2013 or rather 2010, not seeing what I'm

0:10:19.300000 --> 0:10:21.940000
looking for, but injection.

0:10:21.940000 --> 0:10:28.560000
Let's take a look at, for example, we can take a look at authentication

0:10:28.560000 --> 0:10:32.460000
bypass. Let's say via cookies, just as an example.

0:10:32.460000 --> 0:10:36.420000
I'll just turn off the intercept and we take a look at the target here.

0:10:36.420000 --> 0:10:39.900000
We're able to identify any new folders or any new files.

0:10:39.900000 --> 0:10:44.920000
Nothing yet. So we can just keep navigating.

0:10:44.920000 --> 0:10:47.060000
So there we are.

0:10:47.060000 --> 0:10:53.860000
And if we try to open up the robots.txt page, for example, let's see,

0:10:53.860000 --> 0:10:55.120000
that's always quite useful.

0:10:55.120000 --> 0:10:56.540000
So there we are.

0:10:56.540000 --> 0:10:58.720000
That tells us that, you know, we have these files.

0:10:58.720000 --> 0:11:01.680000
So again, the reason this is important or the reason Burp Suite is important

0:11:01.680000 --> 0:11:05.380000
in this case, because it'll keep this information saved for you.

0:11:05.380000 --> 0:11:09.900000
So in this case, did that display anything there?

0:11:09.900000 --> 0:11:11.200000
Let's see scope.

0:11:11.200000 --> 0:11:13.400000
That's still in scope here.

0:11:13.400000 --> 0:11:22.120000
And if we try to refresh this, so I'm just going to expand all, I'm going

0:11:22.120000 --> 0:11:23.840000
to expand the branch here.

0:11:23.840000 --> 0:11:27.800000
And let's see whether we can see those files, because the robots page

0:11:27.800000 --> 0:11:32.640000
should have highlighted that here when we browse to it.

0:11:32.640000 --> 0:11:35.200000
But let me make sure we have the proxy.

0:11:35.200000 --> 0:11:36.800000
So that's currently active.

0:11:36.800000 --> 0:11:40.980000
There we are. Intercept is currently set to off.

0:11:40.980000 --> 0:11:41.800000
But there we are.

0:11:41.800000 --> 0:11:44.380000
We have the config.inc folder.

0:11:44.380000 --> 0:11:48.120000
Let's see if we can see that password file.

0:11:48.120000 --> 0:11:54.900000
And this is ideally where information or functionality with regards to

0:11:54.900000 --> 0:11:58.780000
the filter, like searching for a term, would be very, very useful, which

0:11:58.780000 --> 0:12:03.560000
again is only available in the professional edition.

0:12:03.560000 --> 0:12:04.020000
So there we are.

0:12:04.020000 --> 0:12:06.500000
We can see we have a folder called passwords.

0:12:06.500000 --> 0:12:12.020000
It doesn't contain anything, but we can always copy the URL.

0:12:12.020000 --> 0:12:15.200000
So we can copy this particular GET request here.

0:12:15.200000 --> 0:12:19.080000
So copy this URL, open it up in the browser and let's see whether we have

0:12:19.080000 --> 0:12:20.300000
anything in there.

0:12:20.300000 --> 0:12:22.900000
So passwords, we have accounts.txt.

0:12:22.900000 --> 0:12:26.240000
And we get some credentials.

0:12:26.240000 --> 0:12:29.860000
But of course, this web application is intentionally vulnerable.

0:12:29.860000 --> 0:12:32.100000
We have the phpMyAdmin directory.

0:12:32.100000 --> 0:12:35.420000
Now this is a very good example of what I'm talking about.

0:12:35.420000 --> 0:12:41.340000
So phpMyAdmin is a web-based GUI solution that allows you to interact

0:12:41.340000 --> 0:12:46.720000
with your MySQL database as well as MariaDB database through your web

0:12:46.720000 --> 0:12:51.280000
browser. This is something that most web developers in development environments

0:12:51.280000 --> 0:12:53.960000
will typically leave unsecured.

0:12:53.960000 --> 0:12:57.900000
We can obviously confirm this by just copying that URL.

0:12:57.900000 --> 0:13:01.640000
And let's see what we're able to find or whether we can access phpMyAdmin

0:13:01.640000 --> 0:13:05.860000
because it's typically blocked by a login page or login form.

0:13:05.860000 --> 0:13:09.320000
But if you are going to use something like phpMyAdmin, you also want

0:13:09.320000 --> 0:13:14.180000
to limit it to particular IPs or set up authentication via Apache, for

0:13:14.180000 --> 0:13:16.840000
example, using a simple login form.

0:13:16.840000 --> 0:13:22.260000
And in this case, it looks like we can automatically log into phpMyAdmin

0:13:22.260000 --> 0:13:23.940000
and you know what that means.

0:13:23.940000 --> 0:13:27.380000
It means we have access to the databases and we can pretty much modify

0:13:27.380000 --> 0:13:31.980000
data. This may seem like a very uncommon thing to happen, but trust me,

0:13:31.980000 --> 0:13:36.680000
I have run across cases where I found a vulnerable version of phpMyAdmin

0:13:36.680000 --> 0:13:41.980000
running or one that is utilizing, you know, very basic credentials that

0:13:41.980000 --> 0:13:47.840000
I was able to brute force just with, um, just with something like the

0:13:47.840000 --> 0:13:49.380000
intruder or with Burp.

0:13:49.380000 --> 0:13:52.360000
So I, you know, we click on the YouTube videos table here.

0:13:52.360000 --> 0:13:58.380000
You can see we have, uh, what appears to be YouTube videos and the identification

0:13:58.380000 --> 0:14:02.100000
token. So, you know, an attacker could potentially modify one of them

0:14:02.100000 --> 0:14:05.460000
to, uh, you know, to perform some basic defacements.

0:14:05.460000 --> 0:14:09.760000
Uh, but if we take a look at accounts here, we can see that we have the

0:14:09.760000 --> 0:14:12.960000
admin account and, uh, the password is adminpass.

0:14:12.960000 --> 0:14:19.140000
So that means if we go into the actual, uh, sitemap here or we just go

0:14:19.140000 --> 0:14:25.300000
back in here and into the login request, uh, that we made, uh, there we

0:14:25.300000 --> 0:14:30.400000
are. We can send this to the repeater and we can see that, uh, the password

0:14:30.400000 --> 0:14:34.480000
is adminpass. And we can send this.

0:14:34.480000 --> 0:14:38.820000
And in this case, it says that that's not found.

0:14:38.820000 --> 0:14:41.200000
That's a very, very weird.

0:14:41.200000 --> 0:14:43.680000
Uh, let's confirm the credentials again.

0:14:43.680000 --> 0:14:46.500000
So admin, adminpass, that should work.

0:14:46.500000 --> 0:14:50.740000
Uh, this is for the actual web application, but we can try and log in.

0:14:50.740000 --> 0:14:52.880000
I'm not sure why this isn't working.

0:14:52.880000 --> 0:14:54.760000
Uh, follow redirection.

0:14:54.760000 --> 0:14:59.100000
There we are. If we take a look at the render, uh, embedded browser, which

0:14:59.100000 --> 0:15:04.180000
again looks like it failed, but, um, you know, we should, uh, this should

0:15:04.180000 --> 0:15:06.040000
have logged in successfully.

0:15:06.040000 --> 0:15:10.040000
Um, but yeah, this is, uh, you know, you should now be getting a very

0:15:10.040000 --> 0:15:14.460000
good idea of how to utilize Burp. Burp is a really, really powerful tool.

0:15:14.460000 --> 0:15:17.880000
And once you understand all of these modules, all of these tabs and what

0:15:17.880000 --> 0:15:21.920000
they're used for, I mean, you'll become a power user within, uh, no time.

0:15:21.920000 --> 0:15:25.620000
So just as a final example, let's see what else we were able to find.

0:15:25.620000 --> 0:15:27.840000
So we have a phpMyAdmin folder.

0:15:27.840000 --> 0:15:31.760000
We also have an OWASP, uh, ESAPI.

0:15:31.760000 --> 0:15:34.640000
Um, you know, API is a very, very useful to find.

0:15:34.640000 --> 0:15:38.040000
We also find JavaScript and then SQL dot PHP file.

0:15:38.040000 --> 0:15:41.000000
So we can always, uh, you know, like expand this here.

0:15:41.000000 --> 0:15:47.240000
And these look like database queries, uh, that contain, uh, yeah, just

0:15:47.240000 --> 0:15:49.220000
a SQL, uh, queries.

0:15:49.220000 --> 0:15:52.600000
It looks like with specific tokens, but of course this is something we'll

0:15:52.600000 --> 0:15:54.100000
be exploring in another course.

0:15:54.100000 --> 0:15:59.100000
I don't want to get into too, into the specifics of, um, you know, specific

0:15:59.100000 --> 0:16:00.380000
vulnerabilities.

0:16:00.380000 --> 0:16:05.000000
Uh, but that is how to perform passive crawling on a, you know, vulnerable

0:16:05.000000 --> 0:16:09.580000
web application on, or on a real web application, preferably in the development

0:16:09.580000 --> 0:16:14.300000
environment with Burp Suite, uh, specifically Burp Suite community edition.

0:16:14.300000 --> 0:16:18.000000
And that will conclude the practical demonstration side of this video.