The following steps will help you to perform web application analysis using the Metasploitable2:
- To install a Burp Suite extension, we will first navigate to the Extender tab and click on BApp Store. Here, there are a number of extensions available ready to be installed and used:
- We are going to take a look at the Logger++ extension. If we select it, we can see a description of the additional capabilities it adds to Burp. In this case, the extension can be used to log the requests and responses made by all of Burp Suite's tools, and it also provides a way to export them. To use this extension, we first click on the Install button:
- After installing it, you will notice we have a new tab in our Burp interface called Logger++. If we click on it and go to Options, we can specify whether to only log in-scope items and what tools that we want it to capture. Select In scope items only:
- To demonstrate the Logger++ ability, we will click back over to the Target tab and spider the dvwa directory:
- Now, if we click back over to the Logger++ tab and click on View Logs, we can see our requests. Additionally, if we want to save these requests as a .csv file, we can do so from the Options screen:
