February 21st, 2005, 10:03 PM
Brute forcing web app directory structure
How are people doing this atm?
I've setup wikto with a specifc few directories from html investigation of the site I'm looking
at, in addition to its default ones.
The problem is the site requires SSL and you need to accept/install a cert. Wikto can't seem to handle this and I've end up having to use an additional SSL proxy. So I've tried Paros and that dies after a couple thousand requests. I then moved onto Burp which lasts alot longer but literally kills my w2k box.
I'm having issues trying to use stunnel and sslproxy on windows, in addition to the burp on linux - wikto on vmware setup I've been toying with.
Any suggestions or previous experience?