500 Internal Server Error – During content discovery, this usually
indicates that the application expects certain parameters to be
submitted when requesting the resource.
The various possible responses that may indicate the presence of interesting
content mean that it is difficult to write a fully automated script to output a
listing of valid resources. The best approach is to capture as much information as
possible about the application’s responses during the brute-force exercise, and
manually review it.
Burp Intruder can be used to iterate through a list of common directory
names and capture details of the server’s responses, which can be reviewed to
identify valid directories. Figure 4-3 shows Burp Intruder being configured to
probe for common directories residing at the web root.
Figure 4-3: Burp Intruder being configured to probe for common directories
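Seen from the server side, the directory probing described above shows up in the access log as one client requesting many distinct paths, most of them answered with 404. The following is an added example, not part of the original text: it flags such clients and lists the paths that answered with something other than 404, which are the ones to review first. The Common Log Format input, the thresholds, the function name and the sample lines are all assumptions made for illustration.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in Common Log Format (documentation IP ranges, invented paths).
SAMPLE_LOG = """\
198.51.100.20 - - [10/Oct/2023:13:54:58 +0000] "GET / HTTP/1.1" 200 5120
198.51.100.20 - - [10/Oct/2023:13:54:59 +0000] "GET /css/site.css HTTP/1.1" 200 2048
198.51.100.20 - - [10/Oct/2023:13:55:00 +0000] "GET /favicon.ico HTTP/1.1" 404 153
203.0.113.7 - - [10/Oct/2023:13:55:01 +0000] "GET /about/ HTTP/1.1" 404 153
203.0.113.7 - - [10/Oct/2023:13:55:01 +0000] "GET /admin/ HTTP/1.1" 403 199
203.0.113.7 - - [10/Oct/2023:13:55:02 +0000] "GET /backup/ HTTP/1.1" 404 153
203.0.113.7 - - [10/Oct/2023:13:55:02 +0000] "GET /cgi-bin/ HTTP/1.1" 404 153
203.0.113.7 - - [10/Oct/2023:13:55:03 +0000] "GET /export/ HTTP/1.1" 500 312
203.0.113.7 - - [10/Oct/2023:13:55:03 +0000] "GET /images/ HTTP/1.1" 302 0
203.0.113.7 - - [10/Oct/2023:13:55:04 +0000] "GET /old/ HTTP/1.1" 404 153
203.0.113.7 - - [10/Oct/2023:13:55:04 +0000] "GET /test/ HTTP/1.1" 404 153
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (\S+) [^"]*" (\d{3}) \S+$')

def flag_enumeration(log_text, min_paths=6, min_miss_ratio=0.5):
    """Return {client_ip: report} for clients whose requests look like path guessing."""
    paths = defaultdict(set)          # ip -> distinct paths requested
    statuses = defaultdict(Counter)   # ip -> status code counts
    answered = defaultdict(set)       # ip -> (path, status) pairs that were not 404
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that are not in the assumed format
        ip, target, status = m.group(1), m.group(2).split("?", 1)[0], int(m.group(3))
        paths[ip].add(target)
        statuses[ip][status] += 1
        if status != 404:
            answered[ip].add((target, status))
    report = {}
    for ip, seen in paths.items():
        miss_ratio = statuses[ip][404] / sum(statuses[ip].values())
        if len(seen) >= min_paths and miss_ratio >= min_miss_ratio:
            report[ip] = {
                "distinct_paths": len(seen),
                "miss_ratio": miss_ratio,
                # Paths that answered with something other than 404: review these first.
                "answered": sorted(answered[ip]),
            }
    return report

if __name__ == "__main__":
    for ip, info in flag_enumeration(SAMPLE_LOG).items():
        print(ip, info)
```

The thresholds need tuning against normal traffic for the site in question; a crawler following broken links can also produce a high 404 ratio.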