Passive Vulnerability Detection

All tools from Suite contain a passive vulnerability discovery engine. In this tutorial you will learn how to use it with HTTPView in order to discover vulnerabilities simply by browsing the target application.

Step 1

Open HTTPView. In a separate tab/window navigate to the target URL.

Screenshot 01

Step 2

All requests and responses are now recorded by HTTPView. Click on the Report button. Notice that new vulnerabilities are automatically discovered by simply exploring the application.

Screenshot 02

Step 3

You can export the vulnerability findings in several popular document formats including CVS, XML, HTML and JSON.

Screenshot 03

Comments

This technique can be used to find some very interesting vulnerabilities without actively attacking the targeted application. This is particularly useful in the initial stages of the penetration testing process.