|
Burp Spider is a tool for mapping web applications. It uses
various intelligent techniques to generate a comprehensive inventory
of an application's content and functionality.
Burp Spider enables you to obtain a detailed understanding of how a
web application works, avoiding the time-consuming and unreliable
task of manually following links, submitting forms and scouring HTML
source code. Potentially vulnerable application functions can be
quickly identified, allowing you to check for specific
vulnerabilities such as SQL injection and directory traversal.
Key features include:
- Accurate HTML and JavaScript parsers to effectively
enumerate the application's content and functionality.
- Presentation of findings in tree and table formats, with detailed
information about all results.
- Handling of HTML forms, with automatic or user-guided form
submission.
- Detailed analysis and rendering of all application
responses, including HTML and media content.
- Full integration with other Burp Suite tools.
- Authentication to protected areas of the application using
supplied credentials.
- Processing of cookies.
- Detection of custom "not found" responses.
- Fine-grained scope control.
- SSL support.
- Identification of dynamic "application" pages
which use data parameters or are session-dependent.
- IDS evasion techniques.
- Support for downstream proxy server.
- Authentication to downstream proxy and web servers, using
basic, NTLM or digest authentication types.
- Optimised memory and disk usage to allow efficient spidering
of very large sites.
- Runs in both Linux and Windows.
Burp Spider is part of the Burp Suite of web application hack tools. For examples of
Burp Spider in action, see the screenshots,
or for detailed information about the configuration and use of Burp Spider, see
the help file.
Download Burp Spider.
|
