Tips & Tricks
Passive Vulnerability Detection
All tools from Suite contain a passive vulnerability discovery engine. In this tutorial you will learn how to use it with HTTPView in order to discover vulnerabilities simply by browsing the target application.
Open HTTPView. In a separate tab/window navigate to the target URL.
All requests and responses are now recorded by HTTPView. Click on the Report button. Notice that new vulnerabilities are automatically discovered by simply exploring the application.
You can export the vulnerability findings in several popular document formats including CVS, XML, HTML and JSON.
This technique can be used to find some very interesting vulnerabilities without actively attacking the targeted application. This is particularly useful in the initial stages of the penetration testing process.