Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Create new post

Discover hidden files and directories

olek | Last updated: May 06, 2021 01:25PM UTC

Hi Team I would like ask about how to discover hide directories and files in Burp.I try use some wordlist but this not works for my .Any hide folder can not be find. But If I use some pay commercial online scanner.I see hide directories can be find. Please about advice how to use Burp for it.

Ben, PortSwigger Agent | Last updated: May 07, 2021 08:43AM UTC

Hi, Can you confirm how you are currently trying to find hidden directories and files using Burp? Using the Content Discovery tool within Burp should allow you to find directories and files that are not linked from elsewhere in the site by configuring Burp to use a wordlist that you wish to search against (in the same manner as other content discovery tools that are available). There are more details on this particular tool on the page below: https://portswigger.net/burp/documentation/desktop/functions/content-discovery

olek | Last updated: May 07, 2021 01:04PM UTC

I send page to intruder for example GET /§ §HTTP/2 and load some worldlist .And looking for 200 respond. May be is wrong scan or my words list wrong . What do you think.?? When I use pentest-tools.com I can see hide folders .

Ben, PortSwigger Agent | Last updated: May 10, 2021 07:38AM UTC

Hi, Intruder can be used in the manner that you have described or, as noted in my first response, you might want to try the specific Content Discovery tool that Burp has available to it. Content discovery is going to be heavily reliant upon the wordlist being used to search against - just to confirm, is the name of the directory you are looking for contained in the wordlist that you are trying to use and Burp is not finding these hidden directories?

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.