How to do it...

Burp Suite's proxy is configured by default to intercept all requests. This time we want to browse without interruptions, so we need to disable interception (Proxy | Intercept | Intercept is on). Then proceed with the following steps:

  1. With your browser using Burp Suite's proxy, go to bWAPP (http://192.168.56.11/bWAPP); this will register the site and directory on Burp's Target and Proxy tabs.
  2. Go to Target | Site map and right-click on the bWAPP folder inside http://192.168.56.11, then select Spider this branch from the context menu.
  3. An alert will pop up asking if you want to scan an out-of-scope element (only if you haven't added it to the scope). Click Yes to add it and the spidering will start.
  4. At some point, the spider will find a registration or login form; when this happens, Burp Suite will show you a dialog asking for information on how to fill the form's fields. We can ignore it and the spider will continue, or we can submit some test values and the spider will fill in those values.
  5. We can check the spider status in the Spider tab. We can also stop it by clicking on the Spider is running button. Let's stop it now.
  6. We can also see how the branch in the Target tab is being populated as the spider finds new pages and directories.
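
The scope prompt in step 3 matters because it decides which discovered links belong to the selected branch. The following is an added example, not code from the book and not Burp Suite's own logic: a Python sketch of a branch check, assuming a branch is a scheme/host/port plus a path prefix. The function names and the sample links are constructed for illustration.

```python
import posixpath
from urllib.parse import urljoin, urlsplit

# Branch selected in step 2 (URL from the page); modelled here as origin + path prefix.
BRANCH = "http://192.168.56.11/bWAPP/"
DEFAULT_PORTS = {"http": 80, "https": 443}


def origin_and_path(url):
    """Split an absolute URL into ((scheme, host, port), normalized path)."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    port = parts.port or DEFAULT_PORTS.get(scheme)
    # Collapse "." and ".." so /bWAPP/../admin/ is judged as /admin/.
    path = posixpath.normpath(parts.path or "/")
    if parts.path.endswith("/") and path != "/":
        path += "/"  # normpath drops the trailing slash; restore it
    return (scheme, (parts.hostname or "").lower(), port), path


def in_branch(link, found_on, branch=BRANCH):
    """True if link, resolved against the page it was found on, stays in the branch."""
    origin, path = origin_and_path(urljoin(found_on, link))
    branch_origin, branch_path = origin_and_path(branch)
    if origin != branch_origin:
        return False
    prefix = branch_path.rstrip("/")
    # Match on a path boundary so /bWAPP2/ is not mistaken for /bWAPP/.
    return path == prefix or path.startswith(prefix + "/")


def filter_links(links, found_on, branch=BRANCH):
    """Return only the links a branch-limited crawl would keep."""
    return [link for link in links if in_branch(link, found_on, branch)]


# Constructed sample: links as they might appear on one page of the branch.
PAGE = "http://192.168.56.11/bWAPP/login.php"
SAMPLE_LINKS = [
    "portal.php",                             # relative, same directory
    "http://192.168.56.11:80/bWAPP/new.php",  # explicit default port
    "../other/",                              # climbs out of the branch
    "http://192.168.56.11/bWAPP2/index.php",  # sibling with a shared prefix
    "http://192.168.56.11/bWAPP/../admin/",   # dot-segments in an absolute URL
    "https://192.168.56.11/bWAPP/",           # different scheme
    "http://example.org/bWAPP/",              # different host
]

if __name__ == "__main__":
    for link in filter_links(SAMPLE_LINKS, PAGE):
        print(link)
```

Only the first two sample links pass; the rest are the kind of element that would trigger an out-of-scope decision.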