Scribd
Upload
60 views2 pages

Burpsuite Basics

The document discusses using Burp Suite to inspect source code and find sensitive information by checking the robots.txt file and possible directory listings, ultimately finding debug parameters that reveal sensitive data when set to true.

Uploaded by

contact
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
60 views2 pages

Burpsuite Basics

The document discusses using Burp Suite to inspect source code and find sensitive information by checking the robots.txt file and possible directory listings, ultimately finding debug parameters that reveal sensitive data when set to true.

Uploaded by

contact
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 2

Burpsuite Basics

When we access the IP address from the browser, we get this landing page.

It doesn't seem like much, but we can inspect the source code to find some sensitive information.

We know that the robots.txt file is there. Let's check it out.

We have a list of possible directories. While checking, we found that the connections directory has a webpage on
it. The debug parameter also caught our eye.

1/2
Sure enough, in connections we can see a message Debug is false. Let's add the url parameter debug. We didn't
find anything when set to false, so we tried setting it to true.

We found sensitive information.

2/2

You might also like

pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy