![]() ![]() Also, check “URL to body” and “Body to URL” so that we can be able to check whether any POST requests can be sent as GET requests. If you decide to manually configure your options, remember to have “URL path filename” and “URL path folders” since we will be working with REST calls. If you don’t want to go with the templates provided, you can also select a “New” configuration where you can manually specify drilled-down options - for instance, determining Crawl Limits and Crawl Optimization settings: These template options allow you to determine the intensity and duration of your scan or audit. We then configure our “Scan configuration,” allowing us to select a proper template for either an audit or scan or both.As shown below, we selected both a crawl and an audit of the resources discovered within the URL: Right click on the target within the sitemap and select “Scan.” Burp will present the screen below, requiring that you configure appropriate “Scan details.” From this screen, you are able to determine whether you want to Crawl (Spider) or Audit (Scan) your target for resources and vulnerabilities. Now it’s time to configure our Scanner or Spider Options.You can further restrict items shown on the sitemap by clicking on the filter bar and enabling the checkbox that says “Show only in-scope items.” See below: ![]() The target has now been added to scope.Answer “Yes” to maintain a smaller Burp save file As can be seen below, Burp then asks you whether or not to log out-of-scope items. Burp gives you an option to even directly paste the URL. Click on the “Target” tab then add a target URL for scanning.To set the Spider and the Scanner options, follow the steps below: ![]()
0 Comments
Leave a Reply. |