Directory Browsing

Overview Directory Browsing is allowed when the web server is misconfigured to show the user the contents of directories on the server. Discovery Methodology Use search engines to look for pages which include "index of" in the title. Additionally attempt to read the robots.txt file and spider the application with a tool such as Burp-Suite, OWASP ZAP, or Nikto, and directories named by search engines. Exploitation Catalog and inspect the folders named in robots.txt and any directories discovered during spidering. Use a tool such as Burp-Intruder to brute-force sub-directory names in the root directory and other discovered directories. Videos Warning: Could not reach YouTube via network connection. Failed to embed video. Click here to watch Spidering Web Applications with Burp-Suite