Ethical Hacking With Kali Linux: Learn Fast How To Hack Like A Pro by HUGO HOFFMAN & HUGO HOFFMAN
Author:HUGO HOFFMAN & HUGO HOFFMAN [HOFFMAN, HUGO]
Language: eng
Format: azw3, epub
Published: 2020-04-11T16:00:00+00:00
Chapter 13 Target setup for Burp Scanner
A good environment for web penetration testing is the mutillidae.com website, which is already installed on a “metasploitable” machine. Metasploitable is a Linux operating system that is preconfigured for penetration testing purposes.
To download a copy of the metasploitable host, you need to browse to the project website at sourceforge.net and download a copy of the virtual machine by clicking on the metasploitable Linux zip item.
To see the mutillidae.com website in your browser, enter the IP address of your metasploitable machine, which in your case will be a private address, followed by the web application name, which is mutillidae.
Next, you need to enable the Burp proxy by selecting it from the FoxyProxy menu, which you installed in the previous chapter. Switch back to Burp proxy, click the Proxy tab, then the Intercept tab, and then click on the Intercept button to turn it off.
You don’t need to intercept any requests for the time being. Next, click on the Target tab and make sure that the site map tab is selected. You should see the mutillidae URL that you just trapped and forwarded.
The next step is to add it to the scope. Right-click on the mutillidae folder and select the “Add to scope” item. The scope defines where automated spidering and testing can occur, and helps you avoid actively scanning domains that are out of your scope.
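The scope rule described above, as an added example (not from the book, and a simplified model rather than Burp's own implementation): a prefix-based check that sorts recorded URLs into in-scope and out-of-scope before any active testing. The address 192.168.56.101, the exclusion and the URL list are constructed for illustration.

```python
import posixpath
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

# Constructed lab values: a private address standing in for the metasploitable VM.
INCLUDE = ["http://192.168.56.101/mutillidae/"]
EXCLUDE = ["http://192.168.56.101/mutillidae/documentation/"]  # hypothetical exclusion

SITE_MAP = [  # constructed sample of URLs a proxy might have recorded
    "http://192.168.56.101/mutillidae/index.php?page=login.php",
    "http://192.168.56.101:80/mutillidae/",
    "HTTP://192.168.56.101/mutillidae",
    "http://192.168.56.101/mutillidae-backup/",
    "http://192.168.56.101/mutillidae/../phpMyAdmin/",
    "https://192.168.56.101/mutillidae/",
    "http://192.168.56.101/mutillidae/documentation/readme.txt",
    "http://www.example.com/",
]

def _key(url):
    """Split a URL into (scheme, host, port) and a normalized path."""
    u = urlsplit(url)
    scheme = u.scheme.lower()
    port = u.port or DEFAULT_PORTS.get(scheme)
    # Resolve dot segments so /mutillidae/../x is judged by where it really points.
    path = posixpath.normpath(u.path or "/")
    return (scheme, (u.hostname or "").lower(), port), path

def _under(url, prefix):
    """True when url has the prefix's origin and sits at or below its path."""
    origin, path = _key(url)
    p_origin, p_path = _key(prefix)
    if origin != p_origin:
        return False
    # Match on a path-segment boundary, so /mutillidae-backup is not /mutillidae.
    return p_path == "/" or path == p_path or path.startswith(p_path + "/")

def in_scope(url, include=INCLUDE, exclude=EXCLUDE):
    """True when url falls under an include prefix and under no exclude prefix."""
    return any(_under(url, i) for i in include) and not any(_under(url, e) for e in exclude)

def partition(urls):
    """Return (in_scope_urls, out_of_scope_urls), preserving input order."""
    return [u for u in urls if in_scope(u)], [u for u in urls if not in_scope(u)]

if __name__ == "__main__":
    inside, outside = partition(SITE_MAP)
    for u in inside:
        print("IN  ", u)
    for u in outside:
        print("OUT ", u)
```
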
Vulnerability scanners are automated tools that crawl an application to identify the signatures of known vulnerabilities. Vulnerability scanners are noisy and are usually detected by the victim.
However, scans are frequently ignored as part of the regular background probing across the internet. Burp Scanner is a dynamic web application scanner included in the Professional edition of the Burp Suite software.
The tool allows you to automatically scan websites and detect common security flaws, including SQL injection, cross-site scripting, XML injection, missing cookie flags, and much more.
In this chapter, I will explain how to use Burp Suite to perform a complete scan. Once again, you will use the mutillidae.com website to accomplish your goal. Please check the previous chapter to understand the basics of how to use Burp Suite before moving on.
Once you are ready, click on the FoxyProxy icon to enable the Burp Suite proxy, and select your proxy from the list. Refresh the page and switch back to Burp Suite. Select the Proxy tab, then the Intercept tab, and switch off the interception.
By default, Burp Scanner is configured to perform passive scanning on all domains, while active scanning is disabled. In the Burp Scanner tab, select “Live scanning” and make sure that the “use suite scope” option is selected in the live active scanning section.
Next, select the Target tab then the Sitemap tab, and expand your target. Next, it's time to start spidering the application, so switch to the Spider tab to see the progress of the spidering.
Once the numbers stop going up, the spider has finished its execution.
