Content Discovery

How do you find a directory that is not linked from any page in the application? If we know the directory name, we can check for its existence by requesting it. An HTTP status code of 200 or 403 quickly tells us that the directory does in fact exist, even though it is not linked anywhere. Similarly, there are many techniques to discover content.

Note

Depending on how a web application is built, Content Discovery can be quite useful or utterly useless. Some applications return HTTP status code 200 even for resources that are not found, so we need to be smart about the results. Also, what we can do with Content Discovery can be achieved using Intruder as well. Testers normally use other discovery tools such as OWASP DirBuster ...
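One way to be smart about results from an application that answers 200 for missing resources, shown as an added example that is not from the book: compare each response with a baseline recorded for a name that cannot exist. The `Response` type, the paths and bodies, and the 0.9 similarity threshold are constructed assumptions.

```python
from difflib import SequenceMatcher
from typing import NamedTuple


class Response(NamedTuple):
    status: int
    body: str


def normalise(path: str, body: str) -> str:
    """Drop the echoed request path so two error pages compare as equal."""
    return body.replace(path, "").strip().lower()


def classify(path, resp, baseline_path, baseline, threshold=0.9):
    """Return 'exists', 'soft-404' or 'not-found' for one requested directory.

    baseline is the response to a random name that cannot exist.
    """
    if resp.status not in (200, 403):
        return "not-found"
    similarity = SequenceMatcher(
        None, normalise(path, resp.body), normalise(baseline_path, baseline.body)
    ).ratio()
    # Same status and near-identical body as the known-missing name:
    # the application is masking "not found" behind a success code.
    if resp.status == baseline.status and similarity >= threshold:
        return "soft-404"
    return "exists"


# Constructed sample data: responses recorded from a hypothetical test application.
BASELINE_PATH = "/zq7x1-constructed-nonexistent/"
BASELINE = Response(200, "<h1>Sorry</h1><p>We could not find "
                         "/zq7x1-constructed-nonexistent/ on this site.</p>")
RESPONSES = {
    "/admin/": Response(403, "<h1>Forbidden</h1>"),
    "/backup/": Response(200, "<h1>Sorry</h1><p>We could not find /backup/ on this site.</p>"),
    "/reports/": Response(200, "<h1>Index of /reports/</h1><ul><li>q1.pdf</li></ul>"),
    "/old/": Response(404, "Not Found"),
}


def classify_all():
    return {p: classify(p, r, BASELINE_PATH, BASELINE) for p, r in RESPONSES.items()}


if __name__ == "__main__":
    for path, verdict in classify_all().items():
        print(f"{path:12} {verdict}")
```
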
