Using Burp Suite to crawl a website

Burp is the most widely used tool for application security testing, as it has functions that are similar to ZAP's, with some distinctive features and an easy-to-use interface. Burp can do much more than just spidering a website, but for now, as a part of the reconnaissance phase, we will cover only this feature.

Getting ready

Start Burp Suite by going to Kali's Applications menu and then navigate to 03 Web Application Analysis | Web Application Proxies | burpsuite, as shown in the following screenshot:


Then, configure the browser to use it as a proxy through port 8080, as we did previously with ZAP.

How to do it...

  1. Burp's proxy is configured by default to intercept all requests. We need to disable it to browse without interruptions. Go to the Proxy tab and click on the Intercept is on button; it will change to Intercept is off, as shown:
  2. Now, in the web browser, go to http://192.168.56.102/bodgeit/.
  3. In Burp's window, when we go to the Target tab, we will see that it has the information of the sites we are browsing and the requests the browser makes:
  4. Now, to activate the spider, we right-click on the bodgeit folder and select Spider this branch from the menu.
  5. Burp will ask if we want to add the item to the scope; we click on Yes. By default, Burp's spider only crawls the items matching the patterns defined in the Scope tab inside the Target tab.
  6. After this, the spider will start. When it detects a login form, it will ask us for the login credentials. We can ignore it and the spider will continue, or we can submit some test values and the spider will fill those values into the form. Let's fill in both the User name and Password fields with the word test and then click on Submit form:
  7. Next, we will be asked to fill in the username and password for the registration page. We will ignore this form by clicking on Ignore form.
  8. We can check the spider status in the Spider tab. We can also stop it by clicking on the Spider is running button. Let's stop it now, as shown:
  9. We can check the results that the spider is generating in the Site map tab, inside Target. Let's look at the login request we filled in earlier:

How it works...

Burp's spider follows the same methodology as other spiders, but it operates in a slightly different way. We can have it running while we browse the site and it will add the links we follow (that match the scope definition) to the crawling queue.

Just like in ZAP, we can use Burp's crawling results to perform any operation; we can perform any request, such as scanning (if we have the paid version), repeat, compare, fuzz, view in browser, and so on.
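To make the scope-and-queue behaviour concrete, here is an added example (not Burp's code) of a minimal breadth-first spider that only queues links under a scope prefix and reports any forms it meets instead of submitting them; the pages it crawls are a constructed in-memory stand-in for the bodgeit application, so it runs offline.

```python
"""Minimal scope-aware spider illustrating the crawl described above.
Added example, not Burp's implementation; pages come from a constructed
in-memory dict so the crawl runs offline."""
from collections import deque
from html.parser import HTMLParser
from urllib.parse import urljoin, urldefrag

# Constructed sample site: URL -> HTML body (stand-in for the bodgeit app)
SITE = {
    "http://192.168.56.102/bodgeit/": '<a href="login.jsp">Login</a> '
        '<a href="about.jsp#top">About</a> <a href="http://example.org/">Out</a>',
    "http://192.168.56.102/bodgeit/login.jsp":
        '<form action="login.jsp" method="post"><input name="username">'
        '<input name="password" type="password"></form> <a href="/bodgeit/">Home</a>',
    "http://192.168.56.102/bodgeit/about.jsp": '<a href="../index.jsp">Root</a>',
    "http://192.168.56.102/index.jsp": "<p>outside the bodgeit branch</p>",
    "http://example.org/": "<p>other host</p>",
}

class LinkFormParser(HTMLParser):
    """Collect absolute link targets and form actions from one page."""
    def __init__(self, base):
        super().__init__()
        self.base, self.links, self.forms = base, [], []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a" and a.get("href"):
            # resolve relative hrefs and drop "#fragment" so pages are not revisited
            self.links.append(urldefrag(urljoin(self.base, a["href"])).url)
        elif tag == "form":
            self.forms.append(urljoin(self.base, a.get("action") or self.base))

def spider(start, scope_prefix, fetch=SITE.get):
    """Breadth-first crawl; only URLs under scope_prefix are fetched, mirroring
    Burp's Target > Scope filter. Returns (visited_urls, form_actions_seen)."""
    queue, visited, forms = deque([start]), [], []
    while queue:
        url = queue.popleft()
        if url in visited or not url.startswith(scope_prefix):
            continue                      # out of scope or already crawled
        visited.append(url)
        parser = LinkFormParser(url)
        parser.feed(fetch(url) or "")     # a missing page simply yields no links
        forms.extend(parser.forms)        # report forms; the operator decides what to submit
        queue.extend(link for link in parser.links if link not in visited)
    return visited, forms
```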
