
# Security Misconfiguration in Mutillidae


Open Burp Suite and ensure that Burp is correctly configured with your browser.

Ensure Burp Proxy "Intercept is off".

<div align="left"><img src="/files/-Lz06m-GmbNkq0aQDNBv" alt=""></div>

Open "Mutillidae": [**http://192.168.56.101:3333**](http://192.168.56.101:3333)

<div align="left"><img src="https://pro.portswigger.net/sc/OWASP_SecurityMisconfiguration_1.png" alt=""></div>

In your browser, visit the page of the web application you are testing.

In this example, start by browsing to the Mutillidae home page. Return to Burp.

Select the "**Target**" tab and then the "**Site map**" tab. Locate and right-click the "Mutillidae" folder to bring up the context menu.

Click "**Spider** from here".

<div align="left"><img src="/files/-Lz06j_U2adO6H9im2fv" alt=""></div>

<div align="left"><img src="/files/-Lz06gVQ3gxMwh-WuEvi" alt=""></div>

Go to the "**Target**" tab and then the "**Site map**" tab.

Here you can view the site map for the web application, which has been populated by Burp **Spider**.

<div align="left"><img src="/files/-Lz06dRB7pVrhK9o7Uyn" alt=""></div>

For example, if you have passive scanning enabled when you spider this application, "Directory listing" will be included in the Scanner "Results" tab.

Select an interesting branch from the **Site map**. In this case we will explore the "Includes" directory.

<div align="left"><img src="https://pro.portswigger.net/sc/OWASP_SecurityMisconfiguration_4.png" alt=""></div>

Return to your browser and access the directories you have chosen to investigate by adding the directory name to the URL.

In this example: `/mutillidae/includes/`.

<div align="left"><img src="https://pro.portswigger.net/sc/OWASP_SecurityMisconfiguration_5.png" alt=""></div>

**Explore the links in each file and directory you are able to find, looking for exposed information.**
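A defender-side check for the directory-listing finding shown above, as an added example that is not part of the original page: it classifies captured responses as server-generated index pages. The sample responses are constructed, and every path other than `/mutillidae/includes/` is an assumption.

```python
import re
from html.parser import HTMLParser

# Headings used by common auto-index pages (Apache/nginx: "Index of /path").
LISTING_TITLE = re.compile(r"(index of|directory listing for) /", re.I)

class _Page(HTMLParser):
    """Collects <title>, <h1> and link text plus every href."""
    def __init__(self):
        super().__init__()
        self.text = {"title": "", "h1": "", "a": ""}
        self.hrefs, self._tag = [], None

    def handle_starttag(self, tag, attrs):
        if tag in self.text:
            self._tag = tag
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

    def handle_endtag(self, tag):
        if tag == self._tag:
            self._tag = None

    def handle_data(self, data):
        if self._tag:
            self.text[self._tag] += data + "\n"

def is_directory_listing(status, body):
    """True when a 200 response looks like a server-generated index page."""
    if status != 200:
        return False
    page = _Page()
    page.feed(body)
    page.close()
    titled = bool(LISTING_TITLE.search(page.text["title"] + page.text["h1"]))
    parent = "parent directory" in page.text["a"].lower() or "../" in page.hrefs
    sortable = any(h.startswith("?C=") for h in page.hrefs)
    return titled and (parent or sortable)  # heading alone is not enough

def exposed_listings(responses):
    return sorted(p for p, (s, b) in responses.items() if is_directory_listing(s, b))

# Constructed sample responses; only /mutillidae/includes/ comes from the page.
SAMPLES = {
    "/mutillidae/includes/": (200, "<title>Index of /mutillidae/includes</title>"
        "<h1>Index of /mutillidae/includes</h1><a href='?C=N;O=D'>Name</a>"
        "<a href='/mutillidae/'>Parent Directory</a><a href='example.php'>example.php</a>"),
    "/mutillidae/index.php": (200, "<title>Home</title><a href='login.php'>Login</a>"),
    "/mutillidae/images/": (403, "<title>403 Forbidden</title><h1>Forbidden</h1>"),
}
```

On Apache httpd, a path flagged by this check stops returning a listing once `Options -Indexes` is set for that directory.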



