Using Burp Suite Spider
To effectively attack a web application, it is important to be aware of all hosted web content on the server. Multiple techniques can be used to discover the full attack surface of the web application. One tool that can quickly identify linked content that is referenced in the web pages of the target is the Spider tool. In this recipe, we will discuss how to spider the Web to identify in-scope content using Burp Suite.
Getting ready
To use Burp Suite to perform web application analysis against a target, you will need to have a remote system that is running one or more web applications. In the examples provided, an instance of Metasploitable2 is used to perform this task. Metasploitable2 has several preinstalled vulnerable web applications running on TCP port 80. For more information on setting up Metasploitable2, refer to the Installing Metasploitable2 recipe in Chapter 1, Getting Started, of this book. Additionally, your web browser will need to be configured to proxy...