Time
4 hours 20 minutes
Difficulty
Intermediate
CEU/CPE
5

Video Description

This lesson covers spidering. Participants learn about:

1. What is spidering?
2. How to spider with Burp Suite
3. How to spider with ZAP
4. Spidering in other programs

Spidering is a technique used to map a web site and identify pages that all users have access to, and is done either actively or passively.

Video Transcription

00:04
Welcome to Cybrary. I am Raymond Evans and I will be your subject matter expert for Cybrary's web app penetration testing course.
00:11
In this video, we will be discussing spidering. We'll be covering the following in this video. We're gonna discuss what is spidering? We're gonna talk about how to spider with Burp Suite. We're gonna discuss how to spider with ZAP, the Zed Attack Proxy.
00:26
And then we're gonna talk about spidering that exists in other programs that you may wanna know about.
00:31
So what is spidering? Well, spidering is a technique of mapping a website and identifying all the pages that are accessible to any user. So
00:39
basically, just
00:41
crawls the page and finds everything that
00:44
a user can click on and interact with on a website. This could be anything from pages that users are supposed to access to some documents that may be stored on the server and may not necessarily be for a normal user's eyes, something like a person's resume or
01:03
an internal address list or something like that.
01:06
Sometimes these are put onto servers and people don't realize that those are public-facing servers. Um, so
01:15
they put it on there thinking, hey, I can access this later, you know, or I could just distribute it out to the internal
01:22
network here. But in reality, people from outside of the organization can view this as well, and sometimes that can lead to sensitive data being leaked. So that's why you may want to do spidering, to find any of those sensitive files that may be out there that you don't necessarily want people to see. So how is it done?
01:41
Now, there's two ways: there's actively and passively. When active spidering occurs, the tool being used to spider clicks on every single link, every button, fills every single form out.
01:51
The tool will continue to follow each page and not stop until told to do so. This could be dangerous because it could be seen as an attack if the tool finds something like an admin page and clicks submit on a button that deletes users or deletes pages.
02:06
So it could be really, really dangerous if some kind of administrative page is left public facing and not locked down properly, so you want to be careful with spidering, so you don't accidentally
02:17
cause a loss of data.
02:20
It can be done passively. Additionally, spidering can be done passively, so when a passive spider occurs, it acts just like an active. However, it will stop at the next page.
02:30
Passive tends to be safer than active because it really doesn't click on every single link. It gives you information like
02:37
info from HTML code, headers and things like that. Um, and it's generally safer. Spidering should be done prior to testing for vulnerabilities on a web page for a few important reasons. One, creating a website map gives automated tools the ability to identify every possible vulnerable page.
02:54
It also gives the tester a better picture of the website.
02:59
Spidering can also identify pages that shouldn't be available to average users. Things like we said before: admin controls, unfinished pages, or pages that contain sensitive data or where you can download files from that are sensitive. Spidering is a very important tool in performing web app pen testing.
03:16
You will want to spider every time you perform a web penetration test to get an idea of your terrain.

Up Next

Web Application Penetration Testing

In this web application penetration testing course, SME, Raymond Evans, takes you on a wild and fascinating journey into the cyber security discipline of web application pentesting. This is a very hands-on course that will require you to set up your own pentesting environment.

Instructed By

Raymond Evans
Instructor