Stratos Ally

BurpSuite – Proxy Settings – Part 2

**Note: The content in this article is only for educational purposes and understanding of cybersecurity concepts. It should enable people and organizations to have a better grip on threats and know how to protect themselves against them. Please use this information responsibly.** 

The Target tool allows you to specify the targets relevant to your current project. It also provides a site map and a Crawl paths section, which give a detailed picture of your target applications. This information about the content and functionality of the target application can be used to guide your security testing.

There are mainly four tabs under Target:

  • Sitemap
  • Crawl paths
  • Issue Definitions
  • Scope settings

1. Sitemap

    The site map presents data gathered by Burp during your examination of the target application. It forms a structured layout of this data, sorted first by the primary domain and then by subdomains in alphabetical order. The content is sourced from a variety of inputs, such as scanning outcomes and URLs identified through manual navigation of the target. Additionally, it displays: 

    • An inventory of the items. 
    • Complete request and response details for each element. 
    • Comprehensive details on any vulnerabilities identified by Burp. 

    This data can be organized and personalized through filtering and notes, aiding in its management. The site map also facilitates the transfer of content to other Burp tools, thereby streamlining your security testing process. 

    Ways to Access Sitemap 

    The site map is accessible from two distinct points: 

    • For a collective map that includes data from all standard scans that are not isolated within the current project, navigate to Target > Site map. The tab will update to show information from any additional standard scans you initiate. 
    • For site map details specific to an isolated scan, go to the Dashboard and choose the desired scan from the Tasks list. In the main window, select the Target > Site map tab. This view is exclusive to the selected isolated scan and does not merge data from other scans. It appears only for scans run with the Run isolated scan option enabled. 

    The Tree View 

    The left-side pane’s tree view offers an organized depiction of the content in a hierarchical format. In the tree view, URLs are categorized as: 

    • Domains 
    • Directories 
    • Files 
    • Requests with parameters 

    The arrangement within the tree view follows an alphabetical order, prioritizing the root domain followed by the subdomain. 

    By delving into specific branches that capture your interest, you can uncover further information. Selecting segments of the tree allows you to view detailed data about those items in the Contents and Issues sections. These sections will also display information pertaining to any subordinate branches related to your chosen segments. 

    Icons in Tree View 

    During a live audit or when the Burp Scanner identifies problems, the corresponding icons in the tree view are marked with colored indicators. The hue of the indicator reflects the severity of the security concern for each branch or item. By clicking on the icon, you can bring up the associated issues in the Issues pane. The color coding for the indicators in the tree view and the issues listed in the Issues pane is consistent. 

    If an icon’s adjacent text appears in black, it signifies that the URL has been accessed. Conversely, if the text is in a lighter shade, it indicates that the URL is yet to be accessed. The layout of the site map is customizable. 

    Contents Section 

    The Contents section displays details for selections made in the tree view, encompassing: 

    • Resources directly retrieved through the Proxy. 
    • Potential content inferred from Burp’s interpretation of proxy response data. 
    • Discoveries made by the scanner or through content discovery features. 
    • Elements you have incorporated manually from other tools’ outputs. 

    A black-colored item indicates an accessed URL, while a gray-colored one signifies it has not been accessed. Burp employs discovered links to identify additional content, which is then presented in gray. 

    For a more focused analysis of the target application, you can employ site map filters and define the target scope to conceal irrelevant content. Moreover, there is the option to personalize and organize the data within the table. 
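As an added illustration (not code from the original article or from Burp itself), the following Python script builds the same kind of hierarchy from a constructed list of observed URLs: hosts ordered by root domain and then subdomain, nodes split into directories, files and requests with parameters, and each node marked visited (black in Burp) or inferred (gray). The two-label root-domain rule and the sample URLs are assumptions made for the example.

```python
from urllib.parse import urlsplit

# Constructed sample of what Burp's proxy history and crawler might record.
# True = URL was actually requested (black in the site map);
# False = only inferred from links seen in responses (gray).
SAMPLE_URLS = [
    ("https://www.example.com/static/app.js", True),
    ("https://www.example.com/login?user=alice", True),
    ("https://api.example.com/v1/users", False),
    ("https://example.com/", True),
    ("https://example.com/admin/", False),
    ("https://shop.example.org/cart?id=7", True),
]

def domain_key(host):
    """Order hosts as the tree does: root domain first, then its subdomains alphabetically.
    Assumption: the last two labels are the root domain (no public-suffix handling)."""
    labels = host.lower().split(".")
    return (".".join(labels[-2:]), ".".join(labels[:-2]))  # ("example.com", "") precedes ("example.com", "api")

def classify(path, query):
    """Node kind in the tree: directory, file, or request with parameters."""
    if query:
        return "request-with-parameters"
    return "directory" if path.endswith("/") else "file"

def put(nodes, label, kind, visited):
    """Record a node; a visited sighting upgrades an inferred one, never the reverse."""
    if visited or label not in nodes:
        nodes[label] = (kind, "visited" if visited else "inferred")

def build_sitemap(entries):
    """Return {host: {node_label: (kind, status)}}, hosts in tree order, nodes sorted.
    Parent directories become container nodes of their own, as in the Burp tree."""
    tree = {}
    for url, visited in entries:
        u = urlsplit(url)
        nodes = tree.setdefault(u.hostname, {})
        prefix = "/"
        put(nodes, prefix, "directory", False)
        for segment in u.path.split("/")[1:-1]:
            prefix += segment + "/"
            put(nodes, prefix, "directory", False)
        if u.query:                      # a parameterised request hangs under its file node
            put(nodes, u.path, "file", visited)
        label = u.path + ("?" + u.query if u.query else "")
        put(nodes, label, classify(u.path, u.query), visited)
    return {host: dict(sorted(tree[host].items())) for host in sorted(tree, key=domain_key)}
```

Calling `build_sitemap(SAMPLE_URLS)` yields example.com first, then api.example.com and www.example.com, then shop.example.org, with `/static/` present only as an inferred container because it was never requested directly.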

    Request and Response Pane 

    In the Contents pane, choosing an item will reveal its corresponding Request and Response in the pane below. The Inspector feature is available to examine these messages in detail. For sending a message to a different Burp tool, simply right-click on it. 

    Burp is equipped with an extensive array of features designed to facilitate rapid message analysis, propel the primary workflow of Burp, and perform a variety of additional practical operations. 

    Issues

    The Issues section lists the issues identified by Burp Scanner for the selections made in the tree view. Selecting a particular issue shows further information in the following tabs: 

    • Advisory – Offers an overview of the issue’s nature and the steps for its resolution 
