How to do it...

  1. Switch to the Burp Extender tab. Go to the BApp Store and find the plugin labeled Manual Scan Issues. Click the Install button:

  2. Return to the Firefox browser and browse to the Mutillidae homepage.
  3. Switch to the Burp Proxy | HTTP history tab and find the request you just made browsing to the homepage. Click the Response tab. Note the overly verbose Server header indicating the web server type and version along with the operating system and programming language used. This information can be used by an attacker to fingerprint the technology stack and identify vulnerabilities that can be exploited:

  4. Since this is a finding, we need to create a new issue manually to capture it for our report. While viewing the Request, right-click and select Add Issue, as follows:

  5. A pop-up dialog box appears. Within the General tab, we can create a new issue name of Information Leakage in Server Response. Obviously, you may add more verbiage around the issue detail, background, and remediation areas, as follows:

  6. If we flip to the HTTP Request tab, we can copy and paste into the text area the contents of the Request tab found within the message editor, as follows:

  7. If we flip to the HTTP Response tab, we can copy and paste into the text area the contents of the Response tab found within the message editor.
  8. Once completed, flip back to the General tab and click the Import Finding button. You should see the newly-created scan issue added to the Issues window, as follows:
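The finding recorded above can also be spotted automatically. As an added example (not code from the book or from the Manual Scan Issues plugin), the following Python check parses a raw HTTP response, flags version-revealing headers such as Server and X-Powered-By, and shapes the result like the manual issue created in the steps above; the sample response, the header list and the function names are constructed assumptions.

```python
import re
from typing import Dict, List, Optional

# Constructed sample response with the kind of verbose Server header the
# recipe flags (product names and versions are made up for this example).
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Date: Mon, 01 Jan 2024 00:00:00 GMT\r\n"
    "Server: Apache/2.4.7 (Ubuntu) PHP/5.5.9-1ubuntu4.29 OpenSSL/1.0.1f\r\n"
    "X-Powered-By: PHP/5.5.9-1ubuntu4.29\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
    "<html><body>Mutillidae</body></html>"
)

# Response headers that commonly disclose the technology stack (assumed list).
DISCLOSING_HEADERS = ("server", "x-powered-by", "x-aspnet-version", "x-generator")
# Matches "product/1.2.3" style tokens, i.e. a component with a version number.
VERSION_RE = re.compile(r"[A-Za-z][\w.+-]*/\d+(?:\.\d+)+")


def parse_headers(raw_response: str) -> Dict[str, List[str]]:
    """Return response headers as {lowercase-name: [values]} (status line and body dropped)."""
    head = raw_response.split("\r\n\r\n", 1)[0]
    headers: Dict[str, List[str]] = {}
    for line in head.split("\r\n")[1:]:          # skip the status line
        if ":" not in line:
            continue
        name, value = line.split(":", 1)
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers


def find_disclosures(raw_response: str) -> List[dict]:
    """List every disclosing header whose value carries at least one version string."""
    findings = []
    for name, values in parse_headers(raw_response).items():
        if name not in DISCLOSING_HEADERS:
            continue
        for value in values:
            components = [m.group(0) for m in VERSION_RE.finditer(value)]
            if components:                        # "Server: Apache" alone is not flagged
                findings.append({"header": name, "value": value, "components": components})
    return findings


def build_issue(raw_response: str) -> Optional[dict]:
    """Shape the findings like the manually added scan issue; None when nothing leaks."""
    findings = find_disclosures(raw_response)
    if not findings:
        return None
    detail = "; ".join(f"{f['header']}: {', '.join(f['components'])}" for f in findings)
    return {"name": "Information Leakage in Server Response", "severity": "Information",
            "detail": detail, "remediation": "Suppress or genericise version-bearing headers."}
```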
