Burp Suite Complete Tutorial (Part-3 Target Tab)
Burp Suite Target tab
Burp Suite's Target tab gives us all the vital information about our target's functionality and content. The site map shows the content of the target neatly and makes it easy to access, and by applying a scope to the target we can focus only on the things we want to test. In short, the Target tab is about discovering the target application's content and functionality with the site map and narrowing the work down with the scope.
Now we will look at the sub-tabs of the Target tab:
- Site Map
- Scope
- Issue Definitions.
Burp Suite Target Site Map
In the site map we can see the target application thoroughly, and with it we can find many juicy things about the target (parameters, status code, length, MIME type, etc.).
Discovering Target Manually
- First, set up Burp Proxy with your browser.
- After intercepting the first request, turn off Intercept but keep the proxy running.
- Now go to the browser and manually browse every page, fill in all forms, and log in where required (basically, explore the application).
- After mapping manually in the browser, you will see the content and functionality you browsed showing up in Burp Suite's Target site map.
After completing this step you will see new pages and content filling up the Burp Suite site map, with lots of information such as host, URL, status code, length, and MIME type. When you look in the Request and Response sub-tabs you can also see a whole lot of information about each webpage, such as the raw request, parameters, headers, and hex.
Pro Tip - Always pay attention to parameters, because they sometimes lead to very confidential admin login pages or to webpages restricted to other users. (Those can be great finds.)
Burp Suite Site Map Display Filters
Many websites have a very large amount of content (some have more than lakhs of pages), so it can be very time-consuming to evaluate it all one by one. If we find tons of content on the site, we filter the site map down to the things we want.
Click on the filter and it looks like this.
Filter by Request Type
If you are working on a website that gives you a fixed scope to work with, check the box that shows only in-scope items so you stop wasting time on other stuff around it.
Burp Suite sometimes crawls more of the website than you requested, so checking "Show only requested items" can help here. Also, as I said above, parameterized requests can sometimes be a great find, so check "Show only parameterized requests" if you want to find them.
Keep "Hide not-found items" checked unless you want to fill up your site map with garbage pages.
Filter by MIME Type
MIME - (Multipurpose Internet Mail Extensions)
This filter is very useful when you need to find content of one of the types Burp Suite lists ready-made, such as HTML or images.
Along with those, we have script, XML, other text, Flash, and other binary types.
Use this filter as required for the types shown in the list; we can also do a broad search, which we will see under Filter by Extensions.
Filter by Status Code
Status codes are HTTP response codes that help us understand the webpage's response. There are lots of codes, but here I will show you some important ones.
- 200 - OK. The webpage is up and responds the way it should.
- 301 - Moved Permanently. The webpage is redirected permanently to another URL.
- 404 - Not Found. No webpage was found at that URL.
- 500 - Internal Server Error. The server encountered a condition that prevents it from fulfilling the request.
- Also, always check Hide empty folders. You surely don't want to waste your time there.
Filter by Extensions
This is a very important filter for sorting the site map by the extensions we specifically want to test.
Unlike with MIME type, here we can specify exactly which extensions we want to search for, which gives us very good information about the target.
HTML, PHP, JS, ASPX and CSS are common extensions, and there are more to check out.
Pro Tip - While exploiting file upload vulnerabilities, it is sometimes difficult to find where the file is saved on the server, so filtering by these extensions can save a lot of time.
Also, we have two checkboxes here, Show only and Hide.
Use them accordingly.
- Filtering by comments or annotations can also be useful if you need to find items among thousands of webpages. (Obviously, you need to comment and annotate first.)
Target tab Testing Workflow
The Target tab and its tools sort out our attack scope and other important in-scope items, and they also work as a bridge between the other Burp Suite tools and functionality.
We are going to see all the important functions used for penetration testing and bug bounty.
Add to or remove from Scope.
After discovering what we want to test, right-click on it (this opens the context menu) and you will see that the second option is Add to scope.
Similarly, if you want to remove an item that you added to the scope, right-click it and hit Remove from scope.
Send to ___ Functionality.
If, using the site map, you found some parameters that can be fuzzed with a dictionary, you can send that request directly to the Burp Suite Intruder tool from this context menu.
You can also send it to Burp Suite Repeater to test it manually.
Similarly, you can send a request or response to Comparer and Sequencer for testing.
Show Response in Browser
The catch here is that instead of interacting with the web server, the browser interacts with Burp Proxy, which gives us the response rendered just as if it came from the original web server. All additional requests are handled by the browser itself.
This feature works better than Burp Suite's built-in HTML renderer, and the browser also makes the additional requests for CSS, images, etc.
Request in Browser
You can use this to open a request in your browser, which has already been configured to use Burp Proxy.
There are two options here.
- In original session - the request is issued with the exact Cookie header that appeared in the original request sent by Burp.
- In current browser session - the request is issued with the Cookie header supplied by your browser.
For example, if you are logged in to the web server as an ordinary user, you can reissue a request with the cookies of a different user context, such as an administrator. This is very easy to do with this option, so you don't have to modify and process cookies over and over using the proxy.
Compare Site Maps
This powerful feature of Burp Suite can be used for many different purposes. It works best for access control vulnerabilities.
You can simply compare two site maps, with all the information in them such as requests, responses, and headers. This gives us a wide overview in which to find differences that can be exploitable.
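An added example, not part of the original tutorial and not Burp's own code: a small Python model of the comparison, run on constructed data for an administrator session and an ordinary-user session. The paths, the /admin/ prefix and the csrf field name are assumptions made for the illustration.

```python
import hashlib
import re

# Constructed sample data: {(method, path): (status, body)} captured while
# browsing as an administrator and again as an ordinary user.
ADMIN_MAP = {
    ("GET", "/"): (200, "<h1>Home</h1>"),
    ("GET", "/admin/users"): (200, "<h1>Users</h1><input name=csrf value=a1b2c3>"),
    ("GET", "/admin/settings"): (200, "<h1>Settings</h1>"),
    ("GET", "/admin/audit"): (200, "<h1>Audit log</h1>"),
}
USER_MAP = {
    ("GET", "/"): (200, "<h1>Home</h1>"),
    ("GET", "/admin/users"): (200, "<h1>Users</h1><input name=csrf value=ffee99>"),
    ("GET", "/admin/settings"): (403, "Forbidden"),
}

# Values that change on every response and would otherwise hide a real match.
DYNAMIC = re.compile(r"(name=csrf value=)\w+")

def fingerprint(status, body):
    """Status code plus a hash of the body with per-response tokens masked."""
    normalised = DYNAMIC.sub(r"\1X", body)
    return status, hashlib.sha256(normalised.encode()).hexdigest()

def compare_site_maps(privileged, unprivileged, restricted_prefix="/admin/"):
    """Classify each restricted item by how the unprivileged session saw it."""
    report = {"review": [], "enforced": [], "not_requested": []}
    for key, (status, body) in sorted(privileged.items()):
        if not key[1].startswith(restricted_prefix):
            continue  # public content is expected to match for both roles
        if key not in unprivileged:
            report["not_requested"].append(key)  # coverage gap, re-browse it
        elif fingerprint(*unprivileged[key]) == fingerprint(status, body):
            report["review"].append(key)  # same content served to both roles
        else:
            report["enforced"].append(key)  # response differs, e.g. 403
    return report

if __name__ == "__main__":
    for verdict, items in compare_site_maps(ADMIN_MAP, USER_MAP).items():
        print(verdict, items)
```

Items under "review" are the ones to raise with the developers; "not_requested" items mean the second site map is incomplete, not that the control works.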
Annotations in Site Map
You can highlight a URL in two ways.
- Use the dropdown menu in the host column, which is the rightmost column, to pick one of the various colours.
- Right-click on the URL, select Highlight, and choose the colour you want.
You can add a comment in two ways as well.
- Double-click on the empty space in the comment column and type whatever you want to comment.
- Right-click on the URL you want to comment on and hit Add comment.
Burp Suite Target Scope
Adding a scope configuration can affect other functionality of Burp, like:
- setting up display filters and the site map using the scope.
- setting the proxy to intercept only in-scope responses.
- configuring Burp Suite's Repeater and Intruder for in-scope URLs only.
Here you can also specify the protocol, port, IP ranges, and files.
You can include a host or URL in the scope, or use Exclude from scope to exclude something.
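An added example (not from the original tutorial, and not Burp's implementation): a simplified Python model of include and exclude rules built from the protocol, host, port and file fields, assuming host, port and file are matched as regular expressions. The hosts are constructed; it shows how a loosely written rule pulls in hosts and ports that were never meant to be tested.

```python
import re
from urllib.parse import urlsplit

# Constructed rules using the fields the Scope tab exposes: protocol, host,
# port and file. The matching below is a simplified model, not Burp's code.
LOOSE = {"include": [{"protocol": "https", "host": r"shop.example.com",
                      "port": r"443", "file": r"/.*"}],
         "exclude": []}
STRICT = {"include": [{"protocol": "https", "host": r"^shop\.example\.com$",
                       "port": r"^443$", "file": r"^/.*"}],
          "exclude": [{"protocol": "any", "host": r"^shop\.example\.com$",
                       "port": r"^443$", "file": r"^/logout$"}]}

DEFAULT_PORTS = {"http": 80, "https": 443}

def rule_matches(rule, url):
    """True when every field of one scope rule matches the URL."""
    parts = urlsplit(url)
    port = parts.port or DEFAULT_PORTS.get(parts.scheme, 0)
    return (rule["protocol"] in ("any", parts.scheme)
            and re.search(rule["host"], parts.hostname or "") is not None
            and re.search(rule["port"], str(port)) is not None
            and re.search(rule["file"], parts.path or "/") is not None)

def in_scope(scope, url):
    """Exclude rules win over include rules."""
    if any(rule_matches(r, url) for r in scope["exclude"]):
        return False
    return any(rule_matches(r, url) for r in scope["include"])

# Constructed URLs: the first is the intended target, the rest should be out.
SAMPLES = [
    "https://shop.example.com/cart",
    "https://shop.example.com.third-party.test/cart",  # unanchored host
    "https://shop-example.com/",                       # unescaped dot
    "https://shop.example.com:8443/",                  # unanchored port
    "https://shop.example.com/logout",                 # excluded in STRICT
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(f"{url:50} loose={in_scope(LOOSE, url)} strict={in_scope(STRICT, url)}")
```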
Issue Definition
These issue definitions can be used to gain more information about a topic, and they also give some links that help in further exploiting those vulnerabilities.
Each one gives a description, remediation, and reference resources for the issue.
They are also helpful for understanding the severity of an issue.