User Driven Workflow

  1. Set up your browser and Burp Proxy to work together (along with any SSH tunnels that are required).
  2. Turn off Proxy interception, and browse the entire application manually.
  3. If the application has multiple authentication levels, start with the highest privileged user account.
    • Create users if the application has functionality to do so
    • Browse the application with the highest privilege available
    • Browse the app with all the roles provided
    • Browse the app as a user not mapped to any role
  4. Follow every link, submit every form, step through every multi-stage process, and log in to all protected areas.
  5. The intention is to populate the Target site map with all of the visible content.
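Once each account has been used to browse the application, the per-role site maps can be compared to confirm that nothing visible was missed. The script below is an added example, not part of the original page or of Burp Suite itself: it parses XML in the shape that Burp's Target > Site map > "Save items" export produces (an assumption about that format; the three sample exports embedded here are constructed for the example), builds the combined site map across all roles, and lists the endpoints that only one account reached, which is exactly the content the higher- and lower-privilege browsing passes are meant to surface.

```python
"""Summarise per-role site-map coverage from Burp 'Save items' XML exports.

Added example for the user-driven workflow; not code from the original page
or from PortSwigger. Assumes each export looks like
  <items><item><url>..</url><method>..</method><path>..</path><status>..</status></item>...</items>
which is the shape Burp's "Save items" produces (an assumption, not verified here).
"""
import xml.etree.ElementTree as ET
from typing import Dict, Set, Tuple

Endpoint = Tuple[str, str]  # (HTTP method, request path without query string)


def _export(items: str) -> str:
    """Wrap constructed <item> elements in the export envelope."""
    return f'<?xml version="1.0"?>\n<items burpVersion="constructed" exportTime="constructed">\n{items}\n</items>'


def _item(method: str, path: str, status: int) -> str:
    """One constructed <item> element (request/response bodies omitted)."""
    return (f"<item><url><![CDATA[https://app.example{path}]]></url>"
            f"<method><![CDATA[{method}]]></method><path><![CDATA[{path}]]></path>"
            f"<status>{status}</status></item>")


# Constructed sample exports, one per account used to browse the application.
SAMPLE_EXPORTS: Dict[str, str] = {
    "admin": _export("\n".join([
        _item("GET", "/login", 200), _item("GET", "/account", 200),
        _item("GET", "/admin/users", 200), _item("POST", "/admin/users", 302)])),
    "editor": _export("\n".join([
        _item("GET", "/login", 200), _item("GET", "/account", 200),
        _item("GET", "/posts/new", 200), _item("POST", "/posts", 302)])),
    "anonymous": _export("\n".join([  # a session not mapped to any role
        _item("GET", "/login", 200), _item("GET", "/", 200),
        _item("GET", "/posts?page=2", 200)])),
}


def parse_export(xml_text: str) -> Set[Endpoint]:
    """Return the set of (method, path) pairs recorded in one export."""
    root = ET.fromstring(xml_text)
    endpoints: Set[Endpoint] = set()
    for item in root.iter("item"):
        method = (item.findtext("method") or "GET").strip().upper()
        # Drop the query string so /posts?page=2 and /posts count as one endpoint.
        path = (item.findtext("path") or "").strip().split("?", 1)[0]
        if path:
            endpoints.add((method, path))
    return endpoints


def coverage_by_role(exports: Dict[str, str]) -> Dict[str, Set[Endpoint]]:
    """Parse every role's export into its own endpoint set."""
    return {role: parse_export(xml) for role, xml in exports.items()}


def full_site_map(per_role: Dict[str, Set[Endpoint]]) -> Set[Endpoint]:
    """Union of everything any account reached: the populated site map."""
    return set().union(*per_role.values())


def role_only(per_role: Dict[str, Set[Endpoint]], role: str) -> Set[Endpoint]:
    """Endpoints that only the given role reached during the walkthrough."""
    others = set().union(*(eps for r, eps in per_role.items() if r != role))
    return per_role[role] - others


def report(per_role: Dict[str, Set[Endpoint]]) -> Dict[str, int]:
    """Per-role counts plus the combined total, for a quick coverage check."""
    counts = {role: len(eps) for role, eps in per_role.items()}
    counts["ALL"] = len(full_site_map(per_role))
    return counts


if __name__ == "__main__":
    per = coverage_by_role(SAMPLE_EXPORTS)
    for role, count in report(per).items():
        print(f"{role:10s} {count:3d} endpoints")
    for role in per:
        for method, path in sorted(role_only(per, role)):
            print(f"only {role}: {method} {path}")
```

Endpoints that appear under a single account are the ones to re-check from the other accounts, and a role whose count is much lower than the combined total usually means a part of the application was skipped during that pass rather than genuinely hidden.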

References
