In some cases you want to run a manual crawling using one of the predefined dictionary file, to do this perform the following steps:
- Select the root path; in our example, it's mutillidae, because this is our starting point for crawling. Next, right-click on the request and send it to the Intruder tab:
- At this point, the Intruder tab will start blinking, which tells you that it's ready (let's click on the Intruder tab). The first thing that you will encounter in the Intruder tab is the Target section; leave it as it is, and move on to the Positions section:
- In the Positions sub-tab, leave the attack type to Sniper, and write any word (in my case, I've chosen the word attack) after mutillidae/. After that, we need to make sure that we have a clean slate, so click on the Clear button to remove any pre-generated positions:
- Next, select the word that you just wrote. In the preceding screenshot, I selected the word attack and clicked on the Add button, to tell Burp that this is where I am going to fuzz for directories:
- After that, click on the Payloads tab, and make sure that the Payload type is a simple list. Next, select Directories – short from the Add from list ... drop-down menu. You're now ready to click on the Start Attack button, which will launch a pop-up window to show you the progress of the results:
- Finally, click on the Status column header to sort the items by the response status code. For the Mutillidae application, I found an interesting passwords region (see the preceding screenshot). I will leave it as an exercise for you to check the contents of the passwords directory:
You can use the Repeater tab, which we will explore in upcoming sections, to verify the preceding findings.