What is Spidering?
Spidering is the technique of mapping a website and identifying all the pages that are accessible to any user.
How is it Done?
- In active spidering, the tool clicks on every link and button and fills in every form field. It keeps following each page and does not stop until told to do so.
- This can be dangerous: if the tool finds an admin page and clicks a button that deletes users or pages, the spidering can be seen as an attack.
- Passive spidering acts just like active spidering, except that it stops at the next page. Passive tends to be safer than active.
Spidering should be done prior to testing for vulnerabilities on a webpage for a few important reasons.
- Creating a website map gives automated tools the ability to identify every possible vulnerable page.
- It also gives a tester a better picture of the website.
- Spidering can also identify pages that shouldn’t be available to average users, such as admin consoles, unfinished pages, or pages that contain sensitive data.
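As an added illustration (not part of the original post), the Python example below builds a site map by following links only: it stays on the starting host and records forms instead of submitting them, which avoids the destructive-button problem described above. The `app.test` pages, the `SITE` dictionary and the function names are constructed for this example.

```python
from collections import deque
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Constructed sample site (URL -> HTML) so the example runs offline.
SITE = {
    "http://app.test/": '<a href="/about">About</a> <a href="/admin/">Admin</a> <a href="http://other.test/x">ext</a>',
    "http://app.test/about": '<a href="/">Home</a> <a href="/about#team">Team</a>',
    "http://app.test/admin/": '<a href="/admin/users">Users</a>',
    "http://app.test/admin/users": '<form method="post" action="/admin/users/delete"><input name="id"></form>',
}

class PageParser(HTMLParser):
    """Collects link targets and form (method, action) pairs from one page."""
    def __init__(self):
        super().__init__()
        self.links, self.forms = [], []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a" and a.get("href"):
            self.links.append(a["href"])
        elif tag == "form":
            self.forms.append(((a.get("method") or "get").upper(), a.get("action") or ""))

def spider(start, fetch=SITE.get, max_pages=50):
    """Breadth-first map of one host: follows links, records forms without submitting."""
    host = urlparse(start).netloc
    seen, queue = {start}, deque([start])
    pages, forms = [], []
    while queue and len(pages) < max_pages:
        url = queue.popleft()
        html = fetch(url)          # stand-in for an HTTP GET (assumption)
        if html is None:
            continue
        pages.append(url)
        parser = PageParser()
        parser.feed(html)
        forms += [(url, m, urljoin(url, act)) for m, act in parser.forms]
        for href in parser.links:
            target = urljoin(url, href).split("#")[0]   # resolve and drop fragment
            if urlparse(target).netloc == host and target not in seen:
                seen.add(target)
                queue.append(target)
    return pages, forms

if __name__ == "__main__":
    print(spider("http://app.test/"))
```

The returned page list is the site map, and the form list shows state-changing endpoints (here a POST under `/admin/`) that a tester should review by hand rather than let a tool submit.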
Spidering is an important topic when performing web app pentesting.
I will show how it’s done using various tools like Burp Suite and OWASP ZAP.