0x08 - Better Folder Enumeration
Did you know you can improve your folder/file enumeration discovery by turning on redirections in Burp Intruder?
By default, Burp Intruder is configured to never follow redirects.
This can be an issue because:
1. You might miss attack surface if you look only for status code 200
2. You need to review and follow all 302 redirects manually (slow & tedious)
My preferred choice is to Always follow redirects (see screenshot).
If the redirect target domain is out of scope, you can discard the finding.
But sometimes it takes multiple redirects for the application to reach the destination:
- Redirects might go to an internal domain -> info disclosure
- Redirects might go to a hidden subdomain/path -> new attack surface
- Redirects can disclose new technical details -> info gathering
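Once Intruder follows redirects, every result comes with a final Location. The helper below is an added example (not part of this tip and not Burp's own code) that triages a constructed set of enumeration results against an assumed scope list, separating out-of-scope targets you can discard from internal hosts and new subdomains you should look at; hostnames, paths and the scope set are all made up for illustration.

```python
import ipaddress
from urllib.parse import urljoin, urlsplit

# Constructed sample of enumeration results: (requested URL, status, Location header).
# All hosts and paths are invented for this example.
SAMPLE_RESULTS = [
    ("https://app.example.com/admin",  301, "/admin/"),
    ("https://app.example.com/admin/", 302, "https://sso.example.com/login?next=/admin/"),
    ("https://app.example.com/old",    302, "https://legacy-int.example.com/old"),
    ("https://app.example.com/backup", 302, "http://10.0.0.12/backup/"),
    ("https://app.example.com/docs",   302, "https://example.net/docs"),
    ("https://app.example.com/img",    200, None),
]

IN_SCOPE = {"app.example.com", "sso.example.com"}  # assumed engagement scope

def is_internal_host(host):
    """True for private/loopback IPs or hostnames with an internal-looking suffix."""
    try:
        addr = ipaddress.ip_address(host)
        return addr.is_private or addr.is_loopback
    except ValueError:
        return host.endswith((".local", ".internal", ".corp"))

def classify_redirect(request_url, status, location, scope):
    """Return (category, resolved destination URL) for one enumeration result."""
    if location is None or status not in (301, 302, 303, 307, 308):
        return ("no-redirect", request_url)
    dest = urljoin(request_url, location)      # resolves relative Location values
    src_host = urlsplit(request_url).hostname or ""
    dst_host = urlsplit(dest).hostname or ""
    if dst_host == src_host:
        return ("same-host", dest)             # e.g. trailing-slash normalisation
    if is_internal_host(dst_host):
        return ("internal", dest)              # possible info disclosure
    if dst_host in scope:
        return ("in-scope", dest)
    parents = {h.split(".", 1)[1] for h in scope if "." in h}
    if any(dst_host.endswith("." + p) for p in parents):
        return ("new-subdomain", dest)         # possible new attack surface
    return ("out-of-scope", dest)              # candidate to discard

def triage(results, scope):
    """Classify every (url, status, location) tuple; returns (url, category, dest)."""
    return [(url, *classify_redirect(url, st, loc, scope)) for url, st, loc in results]

if __name__ == "__main__":
    for url, category, dest in triage(SAMPLE_RESULTS, IN_SCOPE):
        print(f"{category:14} {url} -> {dest}")
```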
How to do it
To enable this feature, navigate to Intruder -> Settings -> Redirections and set the option to Always.