Overview
Directory Browsing is allowed when the web server is misconfigured to show the user the contents of directories on the server.
Video Tutorials
Discovery Methodology
Use search engines to look for pages which include "index of" in the title. Additionally attempt to read the robots.txt file and spider the application with a tool such as Burp-Suite, OWASP ZAP, or Nikto, and directories named by search engines.
Exploitation
Catalog and inspect the folders named in robots.txt and any directories discovered during spidering. Use a tool such as Burp-Intruder to brute-force sub-directory names in the root directory and other discovered directories.
Videos
How to Install Java on WindowsHow to Install OWASP ZAP on WindowsHow to install Java on Linux (Debian, Ubuntu, Kali)How to Install OWASP ZAP on UbuntuHow to Install OWASP ZAP on LinuxHow to Create Shortcut for OWASP ZAP (Linux)How to Install and Configure Foxy Proxy with FirefoxHow to Proxy Web Traffic through OWASP ZAPHow to Intercept HTTP Requests with OWASP ZAPHow to Spider a Web Site with OWASP ZAPOWASP ZAP Breakpoints: Part 1 - Trapping HTTP RequestsOWASP ZAP Breakpoints: Part 2 - Trapping Specific HTTP RequestsHow to Fuzz Web Applications with OWASP ZAP (Part 1)How to Fuzz Web Applications with OWASP ZAP (Part 2)OWASP ZAP: Web App Vulnerability Assessment (Single Page)OWASP ZAP: Automated Web App Vulnerability Assessment (Entire Site)OWASP ZAP: Web App Vulnerability Assessment (Partial Site)How to Start OWASP ZAP from Command LineExtending OWASP ZAP with Add-OnsUsing OWASP ZAP with Burp-Suite: Best of Both Worlds