Part 4 - Spidering

Video Activity

This lesson covers active and passive spidering using the ZED attack proxy.

Join over 3 million cybersecurity professionals advancing their career
Sign up with
or

Already have an account? Sign In »

Time
4 hours 20 minutes
Difficulty
Intermediate
CEU/CPE
5
Video Description

This lesson covers active and passive spidering using the ZED attack proxy.

Video Transcription
00:03
next, we're gonna check out active and passive Spider ring for the Zed attack Proxy.
00:09
Let's go check it out.
00:19
So we want to close our birth. Sweet, Because if we open up a zit attack proxy while burp suite is open, both listeners will fight for the 1270.0 About one address and you won't get good results. So let's exit this.
00:35
And if we try to do anything now with that closed,
00:41
you're not gonna get anything, because the proxy is not listening anymore, because we've turned it off. So if you wanted to go back to your normal operations, you would go back into the preferences
00:52
settings and
00:54
used the auto detect proxy or use system proxy settings or no proxy to get back.
01:03
So I go in here
01:04
and
01:07
we're gonna open up
01:08
our a wasp zap.
01:26
Just click. Start on that.
01:29
And here we are,
01:30
inelastic debt.
01:34
So what we're gonna do here
01:37
is
01:38
place in our target. You, Earl.
01:42
192.168
01:46
That one. That one too.
01:49
We're not gonna do that yet. Because we're gonna do is come over here
01:53
and
01:55
Proust the page now we see
01:57
Ah, history here, which is kind of performing a passive spider ring
02:04
like burps We did
02:05
so as we cook along it
02:07
populates and
02:09
tells us information about that.
02:23
So if we
02:24
right click on our target here, go to attack
02:28
and we click Spider
02:32
and we want to click recursive That way we try to go through all the pages that finds
02:38
and then you click, Start skin. You can show advanced options here and customize your options some so
02:46
you can tell it. Ah, try to parse, get metadata and you can
02:51
adjust what exactly? It searches for here. And also you can tell it Hey, I want a maximum depth depth crawl of x amount. So that's what that means is
03:00
it will click a link and I will follow that link
03:05
down
03:07
toe. However many links that you're telling it, Thio perform a depth crawl of here we go back over to scope and we're gonna start scan
03:19
and now our
03:21
active scan
03:22
has populated.
03:24
So there was some stuff in here before because of it kind of passively scanning.
03:30
Um, but now we have a full active list here,
03:38
So that is how
03:40
your skin and actively scan and sort of passively scan
03:47
in a wasp. Zepp
Up Next
Web Application Penetration Testing

In this web application penetration testing course, SME, Raymond Evans, takes you on a wild and fascinating journey into the cyber security discipline of web application pentesting. This is a very hands-on course that will require you to set up your own pentesting environment.

Instructed By