Web application pentesting tools such as Burp Suite take much of the tedious work out of a penetration test: they sit between the browser and the target, record every request and response, and turn that traffic into a map of the application.
In this lab exercise we use Burp Suite to passively crawl the Mutillidae web application. Passive crawling means Burp sends no requests of its own; it builds the site map purely from the traffic that passes through its proxy while we browse, which makes it safe to use on applications where unsolicited requests are unwelcome.
Step 1: Open the lab link to access the Kali machine.
Step 2: Check if the target machine is reachable:
Command:
ping -c 4 demo.ine.local
The target is reachable.
Step 3: Run an nmap scan against the target:
Command:
nmap -sS -sV demo.ine.local
Ports 80 (HTTP, the web application) and 3306 (MySQL, the database behind Mutillidae) are open. The SYN scan (-sS) needs raw socket access, so run it as root or with sudo; -sV adds service and version detection, which is how nmap names the service listening on each port.
Step 4: Access the web application using firefox.
Command:
firefox http://demo.ine.local
Step 5: The target is running OWASP Mutillidae II. Configure Firefox to send its traffic through the Burp Suite proxy, which listens on 127.0.0.1 port 8080 by default (Settings > Network Settings > Manual proxy configuration, HTTP proxy 127.0.0.1, port 8080, and apply the same proxy to HTTPS). Make sure demo.ine.local is not listed under "No proxy for", or its traffic will bypass Burp.
Step 6: Start Burp Suite.
Go to the Proxy tab and make sure Intercept is off. With Intercept on, every request stops in the Intercept tab and waits to be forwarded; for passive crawling we only want Burp to log the traffic, not hold it.
Step 7: Navigate to the Dashboard tab.
Under Tasks you will see that the live passive crawl from the proxy is already enabled.
Browse the Mutillidae application and Burp will automatically add every page you visit, and every link it finds in the responses, to the site map; it never requests anything itself.
The task tile shows the passive crawler's statistics, such as how many requests it has processed.
Step 8: Go to the "HTTP history" tab under Proxy.
Every request and response that passed through the proxy is listed here, including requests Firefox makes on its own (update checks, captive-portal probes), which is why the list is usually longer than the pages you visited.
Step 9: Navigate to the "Target" tab; the Site map shows everything Burp has seen, organised as a tree by host and path. Items shown in grey were discovered from links in responses but have not been requested yet, so they are leads for further manual browsing. Add demo.ine.local to the target scope and filter the site map to in-scope items to keep the browser's background traffic out of the view.
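The Site map above is nothing more than the proxy history grouped by host and path. The following script, added here as an example and not part of the lab or of Burp Suite, rebuilds that view from a history saved with Proxy > HTTP history > "Save items", so you can see what passive crawling captured without opening Burp. It assumes the export uses <item> elements with <url>, <method>, <status> and <mimetype> children (check the element names against a real export before relying on it); the rows it parses are constructed sample data that imitate a short browsing session through the proxy, including the captive-portal probe Firefox sends on its own.

```python
"""Rebuild a Burp-style site map from a saved proxy history (added example)."""
import xml.etree.ElementTree as ET
from collections import defaultdict
from urllib.parse import parse_qs, urlsplit

# Assumed shape of one <item> in Burp's "Save items" export, trimmed to the
# elements this script reads. Verify against a real export.
ITEM = """  <item>
    <url><![CDATA[{url}]]></url>
    <host>{host}</host>
    <port>80</port>
    <protocol>http</protocol>
    <method>{method}</method>
    <path><![CDATA[{path}]]></path>
    <status>{status}</status>
    <mimetype>{mime}</mimetype>
  </item>
"""

# Constructed sample rows (url, method, status, mimetype): a login attempt on
# Mutillidae plus the probe Firefox sends to detectportal.firefox.com by itself.
SAMPLE_ROWS = [
    ("http://demo.ine.local/", "GET", 200, "HTML"),
    ("http://demo.ine.local/index.php?page=login.php", "GET", 200, "HTML"),
    ("http://demo.ine.local/index.php?page=login.php", "POST", 302, "HTML"),
    ("http://demo.ine.local/index.php?page=user-info.php", "GET", 200, "HTML"),
    ("http://demo.ine.local/styles/global-styles.css", "GET", 200, "CSS"),
    ("http://detectportal.firefox.com/success.txt", "GET", 200, "text"),
]


def _xml_item(url, method, status, mime):
    """Render one sample row as an <item> element."""
    p = urlsplit(url)
    path = p.path + (f"?{p.query}" if p.query else "")
    return ITEM.format(url=url, host=p.hostname, method=method,
                       path=path, status=status, mime=mime)


SAMPLE_HISTORY = "<items>\n" + "".join(_xml_item(*r) for r in SAMPLE_ROWS) + "</items>\n"


def parse_history(xml_text):
    """Turn the export into a list of flat records, one per proxied request."""
    entries = []
    for item in ET.fromstring(xml_text).iter("item"):
        url = item.findtext("url", default="")
        parts = urlsplit(url)
        entries.append({
            "host": parts.hostname or item.findtext("host", default=""),
            "path": parts.path,
            # Query parameter names only; Burp's site map lists these per URL.
            "params": frozenset(parse_qs(parts.query, keep_blank_values=True)),
            "method": item.findtext("method", default="GET"),
            "status": int(item.findtext("status") or 0),
            "mimetype": item.findtext("mimetype", default=""),
        })
    return entries


def build_site_map(entries, scope_hosts=None):
    """Group records by host and path, like Target > Site map.

    scope_hosts mimics Burp's target scope: anything outside it is dropped,
    which removes the browser's own background traffic from the map.
    """
    tree = defaultdict(dict)
    for e in entries:
        if scope_hosts is not None and e["host"] not in scope_hosts:
            continue
        node = tree[e["host"]].setdefault(
            e["path"], {"methods": set(), "params": set(), "statuses": set()})
        node["methods"].add(e["method"])
        node["params"].update(e["params"])
        node["statuses"].add(e["status"])
    return dict(tree)


def render_site_map(site_map):
    """Print the map as an indented tree, one host per block."""
    lines = []
    for host in sorted(site_map):
        lines.append(host)
        for path in sorted(site_map[host]):
            n = site_map[host][path]
            methods = "/".join(sorted(n["methods"]))
            params = ",".join(sorted(n["params"])) or "-"
            statuses = "/".join(str(s) for s in sorted(n["statuses"]))
            lines.append(f"  {path}  methods={methods}  params={params}  status={statuses}")
    return "\n".join(lines)


if __name__ == "__main__":
    records = parse_history(SAMPLE_HISTORY)
    print(render_site_map(build_site_map(records, scope_hosts={"demo.ine.local"})))
```

Run it as-is to see the scoped tree; drop the scope_hosts argument and detectportal.firefox.com appears as a second host, which is exactly the noise the Target scope setting keeps out of Burp's own site map. To use it on real data, replace SAMPLE_HISTORY with the contents of an exported history file and adjust the element names if the export differs from the assumed shape.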
In this lab, we saw how to use Burp Suite to perform passive crawling on a web application.