nerdexam
EC-Council

312-50V13 · Question #513

In the process of footprinting a target website, an ethical hacker utilized various tools to gather critical information. The hacker encountered a target site where standard web spiders were ineffecti

The correct answer is D. User-directed spidering with tools like Burp Suite and WebScarab. Explanation Option D is correct because user-directed spidering (also called manual crawling) involves the hacker manually browsing the website while a proxy tool like Burp Suite or WebScarab intercepts and logs all incoming and outgoing traffic - this bypasses the robots.txt fil

Submitted by takeshi77· Mar 6, 2026Footprinting and Reconnaissance

Question

In the process of footprinting a target website, an ethical hacker utilized various tools to gather critical information. The hacker encountered a target site where standard web spiders were ineffective due to a specific file in its root directory. However, they managed to uncover all the files and web pages on the target site, monitoring the resulting incoming and outgoing traffic while browsing the website manually. What technique did the hacker likely employ to achieve this?

Options

  • AUsing Photon to retrieve archived URLs of the target website from archive.org
  • BUsing the Netcraft tool to gather website information
  • CExamining HTML source code and cookies
  • DUser-directed spidering with tools like Burp Suite and WebScarab

How the community answered

(31 responses)
  • A
    13% (4)
  • B
    3% (1)
  • C
    10% (3)
  • D
    74% (23)

Explanation

Explanation

Option D is correct because user-directed spidering (also called manual crawling) involves the hacker manually browsing the website while a proxy tool like Burp Suite or WebScarab intercepts and logs all incoming and outgoing traffic - this bypasses the robots.txt file (the "specific file in the root directory" that blocks automated web spiders) and allows complete mapping of the site's files and pages.

Option A is wrong because Photon retrieves archived/historical URLs from archive.org - it doesn't monitor live traffic or uncover files through manual browsing. Option B is wrong because Netcraft is a passive reconnaissance tool used to gather general website metadata (hosting info, OS, etc.), not to map internal pages or monitor traffic. Option C is wrong because examining HTML source code and cookies is a valid recon step but doesn't involve traffic monitoring or systematic discovery of all files and pages across a site.

Memory Tip: Think of it as "you drive, the tool watches" - in user-directed spidering, YOU manually navigate the site while Burp Suite acts as a silent observer recording everything, making it perfect when robots.txt would stop automated crawlers cold.

Topics

#Footprinting#Web Spidering#Burp Suite#Traffic Monitoring

Community Discussion

No community discussion yet for this question.

Full 312-50V13 Practice