{
    "id": "39ac15e8-cb96-31ed-9dac-406bd6685f68",
    "name": "Passive Crawling with Burp Suite",
    "slug": "passive-crawling-with-burp-suite",
    "status": "published",
    "lab_type": "pta",
    "is_sample": false,
    "duration_in_seconds": 1800,
    "metadata": {
        "courses": [
            "ddea4697-cb43-4a1b-994d-14fb7c13da2a",
            "20178c4c-9456-409a-b45b-5e852d8f3953",
            "4363cb86-4310-4232-8850-0f6078fe4fbf",
            "79af5ed1-26eb-439b-81c1-9f5f6ee5b0b1",
            "ec4e1013-09f0-486a-acea-ee4936e2cf7f",
            "196e96da-8d14-45c9-b4f8-1a1bd4892bcd",
            "5cbd7e57-a867-3ab3-92e2-bf1b6da48e2a"
        ],
        "pta_sdn": "1891",
        "collections": [],
        "pta_manual_id": "14d4-fcb2-2494-c34a",
        "pta_namespace": "attackdefenselabs",
        "learning_paths": [],
        "has_published_parent": true
    },
    "session": {
        "id": "7fabed6c-c6a0-4037-96e5-033eac511044",
        "user_id": "5dde02c1-353c-4e44-af4d-e217c38efd6a",
        "lab": {
            "id": "39ac15e8-cb96-31ed-9dac-406bd6685f68",
            "name": "Passive Crawling with Burp Suite",
            "lab_type": "pta"
        },
        "pta_url": "https://gd5gicw11u1nr46aeyp9bdmk9.us-east-8.attackdefensecloudlabs.com/?username=&password=",
        "last_started_at": "2024-12-05T19:38:37.758049Z",
        "terminated_at": "2024-12-05T22:12:30.158839Z",
        "running_time": 9232,
        "metadata": {
            "layout": "tr-tr-qwerty",
            "region": "US-East",
            "context": {
                "parent_id": "20178c4c-9456-409a-b45b-5e852d8f3953",
                "parent_name": "Intro to Advanced Web Application Penetration Testing",
                "parent_type": "course"
            }
        },
        "status": "terminated",
        "created": "2024-12-05T19:38:37.758075Z",
        "modified": "2024-12-05T22:12:30.162465Z",
        "duration_in_seconds": 9218,
        "shutdown_time": 10800
    },
    "company": "a491bc32-c056-4946-9169-cc053387bada",
    "created": "2022-03-17T11:44:16.215690Z",
    "modified": "2024-11-18T15:50:08.733978Z",
    "is_beta": false,
    "lab_objectives": [],
    "main_learning_area": "3e1aa06f-2e9f-4789-b50d-aa027ad8dcfa",
    "learning_areas": [
        {
            "id": "3e1aa06f-2e9f-4789-b50d-aa027ad8dcfa",
            "name": "Cyber Security",
            "slug": "cyber-security"
        }
    ],
    "categories": [
        {
            "id": "94b65232-279b-4f35-8754-80f47bbe42d3",
            "name": "Basics"
        },
        {
            "id": "4cb14af3-bc21-4b7b-8720-00d21f682dcc",
            "name": "Tools of the Trade"
        }
    ],
    "tags": [],
    "difficulty": "professional",
    "is_web_access": false,
    "is_lab_experience": false,
    "is_featured": false,
    "cve": null,
    "severity": null,
    "year": null,
    "classification": null,
    "is_trackable": false,
    "cpe_credits": null,
    "is_skill_check": false,
    "external_url": "",
    "solution_video": "2bd97946-50f4-3b03-8907-54256a199172",
    "explanation_video": null,
    "description": "Web Application Pentesting Tools can prove to be very helpful while performing penetration testing. \n\nIn this lab exercise, we will take a look at how to use [Burp Suite](https://portswigger.net/burp/documentation/desktop/tools) to perform passive crawling on the [Mutillidae](https://github.com/webpwnized/mutillidae) web application.",
    "description_html": "<p>Web Application Pentesting Tools can prove to be very helpful while performing penetration testing. </p>\n<p>In this lab exercise, we will take a look at how to use <a href=\"https://portswigger.net/burp/documentation/desktop/tools\">Burp Suite</a> to perform passive crawling on the <a href=\"https://github.com/webpwnized/mutillidae\">Mutillidae</a> web application.</p>",
    "tasks": "# Lab Environment\n\nIn this lab environment, you will be provided with GUI access to a Kali machine. The target machine running the [Mutillidae](https://github.com/webpwnized/mutillidae) web application will be accessible at **demo.ine.local**.\n\n**Objective:** Perform passive crawling on the web application with Burp Suite.\n\n# Tools\n\nThe best tools for this lab are:\n\n- Nmap\n- Burp Suite",
    "tasks_html": "<h1>Lab Environment</h1>\n<p>In this lab environment, you will be provided with GUI access to a Kali machine. The target machine running the <a href=\"https://github.com/webpwnized/mutillidae\">Mutillidae</a> web application will be accessible at <strong>demo.ine.local</strong>.</p>\n<p><strong>Objective:</strong> Perform passive crawling on the web application with Burp Suite.</p>\n<h1>Tools</h1>\n<p>The best tools for this lab are:</p>\n<ul>\n<li>Nmap</li>\n<li>Burp Suite</li>\n</ul>",
    "published_date": "2022-12-27T20:58:44Z",
    "solutions": "**Step 1:** Open the lab link to access the Kali machine.\n\n![image5](https://assets.ine.com/lab/learningpath/a2fcb0d93a5c4e939ddcab66c095ea88229ef06b0380b0ce71639c582b3b6def.jpg)\n\n**Step 2:** Check if the target machine is reachable:\n\n**Command:**\n\n```\nping -c 4 demo.ine.local\n```\n\n![image2](https://assets.ine.com/lab/learningpath/79b40c8b58036aaf6d6428ccfec6e3eae4194786940ee27b0ddfd45298864015.jpg)\n\nThe target is reachable.\n\n**Step 3:** Run an nmap scan against the target:\n\n**Command:**\n\n```\nnmap -sS -sV demo.ine.local\n```\n\n![image1](https://assets.ine.com/lab/learningpath/ef504f0859afdfbe52656baa8aab3a431896995dd89f605f1b5e6844d27582bb.jpg)\n\nPort 80 and 3306 are open.\n\n**Step 4:** Access the web application using firefox.\n\n**Command:** \n\n```\nfirefox http://demo.ine.local\n```\n\n![image9](https://assets.ine.com/lab/learningpath/415072ec7dab3497f4c909c6145b6c043067bfc414a241488f9733957a93e882.jpg)\n\n**Step 5:** The target is running OWASP Mutillidae II. Configure the firefox browser to use burp suite proxy.\n\n![image4](https://assets.ine.com/lab/learningpath/0bdd8f116cd43a6d1e225ebebb1703ff0a342562e5d698410ac0aae029716461.jpg)\n\n**Step 6:** Start burp suite.\n\n![image6](https://assets.ine.com/lab/learningpath/232c585fb74602aa20bbab3d1f0313ad0e6775d31cc4add730d217079a0caf25.jpg)\n\nGo to the Proxy tab, and turn off the intercept.\n\n![image0](https://assets.ine.com/lab/learningpath/2ce1427dba7eff3b287cef79040c9f07e3f11137c68d131b996b2b8cc7a3ebd8.jpg)\n\n**Step 7:** Navigate to the Dashboard tab.\n\n![image10](https://assets.ine.com/lab/learningpath/508a80d0cfc9de6a3fca8dc63182c05ee28a7604362e7ee2a5cf96af8689f154.jpg)\n\nYou will see that Passive Crawling is enabled.\n\n**Browse the Mutillidae application and burp will automatically crawl the visited pages.**\n\nThe passive crawler statistics are mentioned.\n\n![image3](https://assets.ine.com/lab/learningpath/037fb1baaf5ec753668f2c6ebae93ae5a7f9291505e0251d267dfcd416a6cbab.jpg)\n\n**Step 8:** Go to the \"HTTP history\" tab under Proxy.\n\n![image7](https://assets.ine.com/lab/learningpath/3a1c87199e6413fb6e14be393f6e83266625f2abe3c9931723849dd85df96ec5.jpg)\n\nThe visited web pages will appear under this tab.\n\n**Step 9:** Navigate to \u201cTarget\u201d tab and the sitemap of the web application will be displayed.\n\n![image8](https://assets.ine.com/lab/learningpath/540b238c96d6056c03754e59336bf0f7bbcdf4a1cf13cf88a179c920e879aec4.jpg)\n\n# Conclusion\n\nIn this lab, we saw how to use Burp Suite to perform passive crawling on a web application.\n\n# References\n\n- [Burp Suite](https://portswigger.net/burp)\n- [Mutillidae II](https://sourceforge.net/projects/mutillidae/)",
    "solutions_html": "<p><strong>Step 1:</strong> Open the lab link to access the Kali machine.</p>\n<p><img alt=\"image5\" src=\"https://assets.ine.com/lab/learningpath/a2fcb0d93a5c4e939ddcab66c095ea88229ef06b0380b0ce71639c582b3b6def.jpg\" /></p>\n<p><strong>Step 2:</strong> Check if the target machine is reachable:</p>\n<p><strong>Command:</strong></p>\n<pre class=\"codehilite\"><code>ping -c 4 demo.ine.local</code></pre>\n\n<p><img alt=\"image2\" src=\"https://assets.ine.com/lab/learningpath/79b40c8b58036aaf6d6428ccfec6e3eae4194786940ee27b0ddfd45298864015.jpg\" /></p>\n<p>The target is reachable.</p>\n<p><strong>Step 3:</strong> Run an nmap scan against the target:</p>\n<p><strong>Command:</strong></p>\n<pre class=\"codehilite\"><code>nmap -sS -sV demo.ine.local</code></pre>\n\n<p><img alt=\"image1\" src=\"https://assets.ine.com/lab/learningpath/ef504f0859afdfbe52656baa8aab3a431896995dd89f605f1b5e6844d27582bb.jpg\" /></p>\n<p>Port 80 and 3306 are open.</p>\n<p><strong>Step 4:</strong> Access the web application using firefox.</p>\n<p><strong>Command:</strong> </p>\n<pre class=\"codehilite\"><code>firefox http://demo.ine.local</code></pre>\n\n<p><img alt=\"image9\" src=\"https://assets.ine.com/lab/learningpath/415072ec7dab3497f4c909c6145b6c043067bfc414a241488f9733957a93e882.jpg\" /></p>\n<p><strong>Step 5:</strong> The target is running OWASP Mutillidae II. Configure the firefox browser to use burp suite proxy.</p>\n<p><img alt=\"image4\" src=\"https://assets.ine.com/lab/learningpath/0bdd8f116cd43a6d1e225ebebb1703ff0a342562e5d698410ac0aae029716461.jpg\" /></p>\n<p><strong>Step 6:</strong> Start burp suite.</p>\n<p><img alt=\"image6\" src=\"https://assets.ine.com/lab/learningpath/232c585fb74602aa20bbab3d1f0313ad0e6775d31cc4add730d217079a0caf25.jpg\" /></p>\n<p>Go to the Proxy tab, and turn off the intercept.</p>\n<p><img alt=\"image0\" src=\"https://assets.ine.com/lab/learningpath/2ce1427dba7eff3b287cef79040c9f07e3f11137c68d131b996b2b8cc7a3ebd8.jpg\" /></p>\n<p><strong>Step 7:</strong> Navigate to the Dashboard tab.</p>\n<p><img alt=\"image10\" src=\"https://assets.ine.com/lab/learningpath/508a80d0cfc9de6a3fca8dc63182c05ee28a7604362e7ee2a5cf96af8689f154.jpg\" /></p>\n<p>You will see that Passive Crawling is enabled.</p>\n<p><strong>Browse the Mutillidae application and burp will automatically crawl the visited pages.</strong></p>\n<p>The passive crawler statistics are mentioned.</p>\n<p><img alt=\"image3\" src=\"https://assets.ine.com/lab/learningpath/037fb1baaf5ec753668f2c6ebae93ae5a7f9291505e0251d267dfcd416a6cbab.jpg\" /></p>\n<p><strong>Step 8:</strong> Go to the \"HTTP history\" tab under Proxy.</p>\n<p><img alt=\"image7\" src=\"https://assets.ine.com/lab/learningpath/3a1c87199e6413fb6e14be393f6e83266625f2abe3c9931723849dd85df96ec5.jpg\" /></p>\n<p>The visited web pages will appear under this tab.</p>\n<p><strong>Step 9:</strong> Navigate to \u201cTarget\u201d tab and the sitemap of the web application will be displayed.</p>\n<p><img alt=\"image8\" src=\"https://assets.ine.com/lab/learningpath/540b238c96d6056c03754e59336bf0f7bbcdf4a1cf13cf88a179c920e879aec4.jpg\" /></p>\n<h1>Conclusion</h1>\n<p>In this lab, we saw how to use Burp Suite to perform passive crawling on a web application.</p>\n<h1>References</h1>\n<ul>\n<li><a href=\"https://portswigger.net/burp\">Burp Suite</a></li>\n<li><a href=\"https://sourceforge.net/projects/mutillidae/\">Mutillidae II</a></li>\n</ul>",
    "flags": [],
    "min_points_to_pass": null,
    "access_type": "default",
    "user_status": "finished",
    "user_lab_status": {
        "user_id": "5dde02c1-353c-4e44-af4d-e217c38efd6a",
        "lab": "39ac15e8-cb96-31ed-9dac-406bd6685f68",
        "status": "finished",
        "created": "2024-09-24T11:21:11.204833Z",
        "modified": "2024-12-05T19:38:37.820440Z",
        "lab_type": "pta",
        "flags": [],
        "lab_objectives": [],
        "last_activity_date": "2024-12-05T19:38:37.811980Z"
    },
    "user_status_modified": "2024-12-05T19:38:37.820440Z",
    "user_flags": [],
    "global_running_session": null
}