Populating Burp Suite’s Sitemap using SpiderSuite crawler
Have you ever wanted to increase the target’s attack surface on Burp Suite’s sitemap when performing web penetration testing, well I know I have and I’m going to show you how to archive so with the help from Spider Suite crawler.
What is Burp Suite?
Burp Suite is an integrated platform for performing security test of web applications. With Burp Suite you are able to perform many manual and automated security test on a target site as it was built for this purpose and it is the most popular tool for performing web penetration testing.
What is Spider Suite?
Spider Suite is an advance web security crawler. I developed it in hopes of helping security researchers when performing web security test. It crawls and maps the target’s attack surface.
Most of the time when using Burp Suite (I’m currently using the community version) I find that I can only produce a very limited attack surface on the target by manually navigating through the target site and I always can’t stop but wonder that the bug or security issue I’m looking for is in one of the page that I couldn’t successfully map.
In all fairness the Burp Suite’s professional and enterprise version does come with a crawler/spider which you can use to automatically map the target attack surface.
Since Burp Suite is a proxy and Spider Suite allows proxy connection you are able to redirect all the Spider Suite crawler’s traffic through Burp Proxy and map all the crawled pages on Burp Suite’s target sitemap. You can easily achieve this by configuring SpiderSuite’s proxy connection to Burp Suite.
Here is a short guide on how you can do so:
Launching Burp Suite
- Open your burp application and enable passive crawling.
- Set the target scope.
- Set the address and port for the proxy.
- Turn off the Proxy Interceptor
Setup Spider Suite Proxy Connection
- Open your Spider Suite application.
- Go to the menu bar Options > Preference
- Go to the Proxy Tab, then enable Use Proxy and setup Host and Port details and save the configuration.
You can setup other crawler configurations and limits to you liking and save the settings.
Start crawling
Start the crawling and both Burp Suite and Spider Suite’s target sitemaps will be populated by the crawl results.
Results:
Thank you for taking your time reading this post, please help sharing it to your peers if you find it useful.
