Welcome to Cybrary. I am Raymond Evans and I will be your subject matter expert for Cybrary's web app penetration testing course.
In this video, we will be discussing spidering. What we'll be covering in this video: we're gonna discuss what is spidering, we're gonna talk about how to spider with Burp Suite, we're gonna discuss how to spider with ZAP, the Zed Attack Proxy,
and then we're gonna talk about spidering that exists in other programs that you may wanna know about.
So what is spidering? Well, spidering is a technique of mapping a website and identifying all the pages that are accessible to any user. So it
crawls the page and finds everything that
a user can click on and interact with on a website. This could be anything from pages that users are supposed to access to some documents that may be stored on the server and may not necessarily be for a normal user's eyes, something like a person's resume or
an internal address list or something like that.
Sometimes these are put onto servers and people don't realize that those are public-facing servers. Um, so
they put them on there thinking, "Hey, I can access this later," you know, or "I could just distribute it out to the internal
network here." But in reality, people from outside of the organization can view it as well, and sometimes that can lead to sensitive data being leaked. So that's why you may want to do spidering: to find any of those sensitive files that may be out there that you don't necessarily want people to see. So how is it done?
Now, there's two ways: there's actively and passively. When active spidering occurs, the tool being used to spider clicks on every single link and every button, and fills every single form out.
The tool will continue to follow each page and not stop until told to do so. This could be dangerous because it could be seen as an attack if the tool finds something like an admin page and clicks submit on a button that deletes users or deletes pages.
So it could be really, really dangerous if some kind of administrative page is left public-facing and not locked down properly, so you want to be careful when spidering, so you don't accidentally
cause a loss of data.
Additionally, spidering can be done passively. So when a passive spider occurs, it acts just like an active one; however, it will stop at the next page.
Passive tends to be safer than active because it really doesn't click on every single link. It gives you information like
info from HTML code, headers and things like that. Um, and it's generally safer.
Spidering should be done prior to testing for vulnerabilities on a web page for a few important reasons. One, creating a website map gives automated tools the ability to identify every possible vulnerable page.
It also gives the tester a better picture of the website.
Spidering can also identify pages that shouldn't be available to average users: things like we said before, admin controls, unfinished pages, or pages that contain sensitive data or where you can download files from that are sensitive. Spidering is a very important tool in performing web app pen testing;
you will want to spider every time you perform a web penetration test to get an idea of your terrain