From the course: Burp Suite Essential Training

Finding hidden webpages

- [Instructor] It's not unusual to find a web server which has a number of web applications, each with their own root, or has special administrative pages in the website, which are accessible only by direct reference and not linked at all to the main web root. As an example, PHP web applications may have a standalone phpinfo or phpMyAdmin page. Let's take a look at one of the servers at the main Hack The Box lab at address 10.10.10.191. This is a target called Blunder. We can use special tools, such as dirb, Gobuster and DirBuster, to look for hidden web pages, but we also have this capability directly available in Burp Suite. Let's take a look at how Burp Suite finds pages which are not directly linked to the main web application. We'll switch off intercept, and then go to Target, Scope, and we'll add 10.10.10.191 to the target scope. This will focus our search results. Okay, let's go back to Proxy and open a…
