LAB 22

Burp Suite with Spider Function

1. Introduction
Burp Suite is a web application pentest tool. This is not a "good idea" tool like
Acunetix, which only supports one for the tester in the pentest process. With a trial
try, anyone can use Burp Suite to test web applications. Advanced features of the
Burp will help testers improve their skills and qualifications further. Out, Burp
interface is also very intuitive and friendly.

2. Preparation
- Download and install the free Burp Suite:
https://portswigger.net/burp/freedownload
- The computer runs the operating system window. Describes the activity of the
firewall on the system.
- mysql source code - phpmyadmin
https://www.phpmyadmin.net/downloads/
- XAMPP download under the following link:
https://downloadsapachefriends.global.ssl.fastly.net/xampp-files/5.6.31/xampp-
win32-5.6.31-0-VC11-installer.exe?from_af=true
- DVWA download the following link:
http://www.dvwa.co.uk/
- Browser chrome, firefox 10.0, 7zip, Notepadd ++.
-
3. Implementation steps
- Open firefox click perferences> click on Advanced

- Select as in picture
- Click Start Burp to begin burp suiteAfter burp suite on > click proxy
- Click options and input as in picture
 - On this situation I use Kali linux firefox to 192.168.139.129/DVWA
http://192.168.139.129 = ipv4 machines running dvwa on local

- Click target > click site map

- Choose http://192.168.139.129