Directory Browsing is allowed when the web server is misconfigured to show the
user the contents of directories on the server.
Video Tutorials
Use search engines to look for pages which include "index of" in the title.
Additionally attempt to read the robots.txt file and spider the application
with a tool such as Burp-Suite, OWASP ZAP, or Nikto, and directories
named by search engines.
Catalog and inspect the folders named in robots.txt and any directories
discovered during spidering. Use a tool such as Burp-Intruder to brute-force
sub-directory names in the root directory and other discovered directories.
How to Install Java on Windows
How to Install OWASP ZAP on Windows
How to install Java on Linux (Debian, Ubuntu, Kali)
How to Install OWASP ZAP on Ubuntu
How to Install OWASP ZAP on Linux
How to Create Shortcut for OWASP ZAP (Linux)
How to Install and Configure Foxy Proxy with Firefox
How to Proxy Web Traffic through OWASP ZAP
How to Intercept HTTP Requests with OWASP ZAP
How to Spider a Web Site with OWASP ZAP
OWASP ZAP Breakpoints: Part 1 - Trapping HTTP Requests
OWASP ZAP Breakpoints: Part 2 - Trapping Specific HTTP Requests
How to Fuzz Web Applications with OWASP ZAP (Part 1)
How to Fuzz Web Applications with OWASP ZAP (Part 2)
OWASP ZAP: Web App Vulnerability Assessment (Single Page)
OWASP ZAP: Automated Web App Vulnerability Assessment (Entire Site)
OWASP ZAP: Web App Vulnerability Assessment (Partial Site)
How to Start OWASP ZAP from Command Line
Extending OWASP ZAP with Add-Ons
Using OWASP ZAP with Burp-Suite: Best of Both Worlds
|