0x08 - Better Folder Enumeration

Did you know you can improve your folder/file enumeration by turning on redirection following in Burp Intruder?

By default, Burp Intruder is configured to never follow redirects.

This can be an issue because:

1. You might miss attack surface if you look only for status code 200 responses.
2. You need to review and follow all 302 redirects manually (slow & tedious).

My preferred choice is to Always follow redirects (see screenshot)

If the redirect target's domain is out of scope, you can simply discard that finding.

But sometimes it takes multiple redirects for the application to reach its final destination, and each hop is worth a look:

1. Redirects might go to an internal domain -> info disclosure
2. Redirects might go to a hidden subdomain/path -> new attack surface
3. Redirects can disclose new technical details -> info gathering
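To show what "looking at every hop" means in practice, here is a small added example (my own code, not part of the original post or of Burp): it walks a chain of captured redirect responses, resolves relative Location headers the way a client would, and labels each hop as in-scope, out-of-scope, or an internal-looking host, so the interesting hops from the three points above stand out in a review. The scope (`example.com`) and the responses in `RESPONSES` are constructed sample data for the example, not real targets.

```python
"""Classify the hops of an HTTP redirect chain captured during enumeration.

Added example, not code from the original post. The in-scope domain and the
captured responses below are constructed sample data.
"""
import ipaddress
from urllib.parse import urljoin, urlsplit

SCOPE = {"example.com"}  # hypothetical engagement scope (apex domains)

# Name suffixes that usually indicate an internal/corporate host (heuristic).
INTERNAL_SUFFIXES = (".local", ".internal", ".corp", ".lan", ".localhost")

REDIRECT_CODES = (301, 302, 303, 307, 308)


def is_internal_host(host):
    """True when the host is a private IP, a bare single-label name, or
    carries a typical internal suffix (info disclosure indicator)."""
    try:
        return ipaddress.ip_address(host).is_private
    except ValueError:
        pass
    return host.endswith(INTERNAL_SUFFIXES) or "." not in host


def in_scope(host, scope=SCOPE):
    """A host is in scope when it equals, or is a subdomain of, a scope entry."""
    return any(host == s or host.endswith("." + s) for s in scope)


def classify_hop(url, scope=SCOPE):
    """Label a single URL on the chain."""
    host = urlsplit(url).hostname or ""
    if is_internal_host(host):
        return "internal-host"
    if not in_scope(host, scope):
        return "out-of-scope"
    return "in-scope"


def follow_chain(start_url, responses, max_hops=10):
    """Walk Location headers starting at start_url.

    responses maps a URL to (status, headers) as captured; no network access.
    Returns a list of (url, status, label) tuples and stops at a non-redirect
    status, an unknown URL, a missing Location header, a loop, or max_hops.
    """
    chain, seen, url = [], set(), start_url
    for _ in range(max_hops + 1):
        if url in seen:  # redirect loop: record it and stop
            chain.append((url, None, "loop"))
            break
        seen.add(url)
        status, headers = responses.get(url, (None, {}))
        chain.append((url, status, classify_hop(url)))
        if status not in REDIRECT_CODES:
            break
        location = headers.get("Location")
        if not location:
            break
        url = urljoin(url, location)  # relative Location resolves against current URL
    return chain


def new_hosts(chain):
    """Hosts reached on the chain other than the one the request started on."""
    start_host = urlsplit(chain[0][0]).hostname
    hosts = {urlsplit(u).hostname for u, _, _ in chain}
    return sorted(h for h in hosts if h != start_host)


# Constructed sample of captured responses (status, headers) keyed by URL.
RESPONSES = {
    "https://www.example.com/admin": (302, {"Location": "/admin/"}),
    "https://www.example.com/admin/": (301, {"Location": "https://sso.example-corp.net/login"}),
    "https://sso.example-corp.net/login": (302, {"Location": "http://10.0.3.15:8080/auth"}),
    "http://10.0.3.15:8080/auth": (200, {}),
    "https://www.example.com/old": (302, {"Location": "https://www.example.com/old"}),
}

if __name__ == "__main__":
    for start in ("https://www.example.com/admin", "https://www.example.com/old"):
        for url, status, label in follow_chain(start, RESPONSES):
            print(f"{status!s:>4}  {label:<13} {url}")
        print("new hosts:", new_hosts(follow_chain(start, RESPONSES)))
```

The `/admin` chain ends on a private IP, which is exactly the internal-domain disclosure from point 1, while the `sso.example-corp.net` hop is a host outside the declared scope that you would either discard or get added to the engagement. The `/old` entry shows why a hop limit and loop check matter: a self-redirect would otherwise never terminate.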


How to do it

To enable this feature, navigate to Intruder -> Settings -> Redirections and set the option to Always.