Stratos Ally

Introduction to SSTI

**Note: The content in this article is only for educational purposes and understanding of cybersecurity concepts. It should enable people and organizations to have a better grip on threats and know how to protect themselves against them. Please use this information responsibly.** 

2. Crawl Paths 

Burp Scanner uses a built-in Chromium browser to explore a target site during the crawl stage of a scan. This lets it uncover dynamic elements much as an experienced manual tester would, identifying content that traditional scanners could overlook.

The Crawl paths tab presents the outcomes of this exploration as it unfolds, outlining the steps executed by Burp Scanner to navigate to each identified area within the target site, along with any problems detected at those points. 

How to Access? 

The Crawl Paths tab is accessible from two distinct points: 

  • For a collective overview of path data pertaining to all standard, non-isolated scans within the current project, navigate to Target > Crawl paths. The data in this tab is cumulative, with each new non-isolated scan contributing additional information.  
  • For specifics on the paths of an isolated scan, proceed to the Dashboard tab and choose the desired scan from the Tasks list. Within the main panel, select the Target > Crawl paths tab. This particular tab is exclusive to the selected scan and does not aggregate data from other scans. It is visible solely for scans designated with the Run isolated scan option. 

Crawl Paths 

The First crawl path to location panel shows every location identified by Burp Scanner during the crawl stage of the scan. The panel's hierarchical layout lets you see the route Burp Scanner followed to reach each location. The paths include actions such as clicking links, submitting forms, and issuing requests to hidden URLs.

To view a screenshot of Burp's browser at a specific crawl location, select the location and then choose Show screenshot.

The HTTP Requests 

To examine the HTTP requests and responses issued at a specific point, select a node in the First crawl path to location panel. The HTTP messages tab lists the messages sent to reach the selected location, including:

  • Host 
  • Method 
  • URL 
  • Params 
  • Status code 
  • Length 
  • MIME type 
  • Title 
  • Time requested 

Select a message to view the raw request and response in the accompanying tabs.

Fragments are appended to each target URL to make the outcome of specific actions clearer.

Viewing the Issues  

When the scan is set up for both auditing and crawling, the First crawl path to location panel also includes information on any detected issues.

When an issue is identified, an icon appears next to the corresponding node in the tree. This shows the route Burp Scanner followed to uncover the issue, which helps when reproducing it.

Where a node has multiple sub-nodes, it displays the icon for the most critical issue among its descendants. For instance, if the descendants of a node include one issue of high severity and ten of only informational significance, the icon for a high-severity issue will be shown on the parent node.

To review the issues found at a specific location, select that location in the First crawl path to location panel and go to the Issues tab. This tab lists all the issues detected at the selected location during the scan. Selecting an issue shows detailed information about the particular requests and resources that led to its identification, along with a tab that provides advisory details.

The Outlinks 

To inspect all the navigational steps that the crawler could take from a specific point in the crawl path, open the Outlinks tab. These steps might include clicking links, submitting forms, and issuing requests.

For every navigational step executed by the crawler from the chosen point, additional information is presented, which includes: 

  • Destination URL - The URL to which the crawler proceeds.
  • Title - The title of the destination page, if one exists.
  • Issues - Any problems detected on the destination page, shown only if the scan is set to perform both audit and crawl functions.
  • Requests - The number of requests generated by the action.
  • Time visited - The timestamp marking when the crawler performed the action.
