Visualizing the application structure using Burp Target
In the previous section, you saw how an application can be mapped using Burp's Target tab. In this section, I want you to learn how Burp Target works (in a simplified way) so that you can handle the workflow during a pen test.
The Burp Target tool offers you the following functionalities (I will only list the important ones):
- Visualize the application structure using the Site Map tab.
- Define the scope of your target website using Add To Scope.
- Spider the web application to discover more contents using Spider this branch.
- Search for hidden contents using the Discover Content functionality.
- Conduct a passive scan, using Passively Scan this branch to identify some vulnerabilities.
- List comments, scripts, and references by using the Engagement Tools menu.
- Analyze the web application target to identify all of the dynamic URLs and parameters by using Analyze Target.
- Send web requests to another tool tab (for example, Repeater...