Burp

https://portswigger.net/burp/documentation/desktop/getting-started/proxy-setup/certificate/firefox

Steps to import for SSL

Run Burp
Open http://burpsuite
Download the Certificate (top-right)
Import into Firefox
- Settings > Certificates > Import

Url Encode

Burp highlight.. and Ctrl-U ..to url encode a section!

Spider

Wont find hidden pages, but will pull obscure/linked ones

Target > Site Map > Spider This Host

app.js  ..send to repeater

../partials/admin.html      ..found: Download-Backups
../api/users                ..found: password/hashes on page

Discovery

Scenario: gobuster is blocked
Grab the User-Agent String, and re-use with goboster

burp > discovery > Copy User-Agent String

gobuster -u http://$IP:3000 -w medium.txt 
-a 'Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0'
.. still no help

Previous*Favorites NextDirb nikto wpscan etc

Last updated 1 year ago