This lesson offers a demo of hidden or 'secret' URLs. Participants receive step-by-step instructions on how to discover administrative pages that developers may have created in a way that leaves them vulnerable to outside access without much effort. Using the interceptor in Burp Suite, a request is sent to Intruder, which shows the positions where variables can be substituted to determine whether they are admin pages. A payload is created with different page names to see whether any of them can access the admin PHP page.