Security Misconfiguration in Mutillidae
Last updated
Last updated
Let's open the BurpSuite and ensure that Burp is correctly configured with your browser.
Ensure Burp Proxy "Intercept is off".
Open “Mutillidae” : http://192.168.56.101:3333
In your browser, visit the page of the web application you are testing.
In this example start by browsing to the Mutillidae home page. Return to Burp.
Select the "Target" tab and then the "Site map" tab. Locate and right click on the "Mutillidae" folder to bring up the context menu..
Click "Spider from here".
Go to the "Target" tab and then the "Site map" tab.
Here you can view the site map for the web application which has been populated by Burp Spider.
For example, if you have passive scanning enabled when you spider this application, "Directory listing" will be included in the Scanner "Results" tab.
Select an interesting branch from the Site map. In this case we will explore the "Includes" directory.
Return to your browser and access the directories you have chosen to investigate by adding the directory name to the URL.
In this example: /mutillidae/includes/.
Explore the links in each file and directory you are able to find Info.