Discovering hidden content with Burp Suite
Applications often contain locations that you can't browse to, as they are not directly linked from visible content. Some examples of hidden content include:
- Functionality that has been used for testing, but hasn't been removed.
- New functionality that has been added to the server, but hasn't been linked from the main application.
- Internal-only functionality that isn't linked from the main application.
- Features that your account doesn't have permission to use.

Burp includes a range of tools that can help you discover hidden content. This enables you to build a more comprehensive map of the target application and identify a wider attack surface.