Nikto has an option to use an HTTP proxy. By using a tool that can intercept the HTTP requests and show them in a proper format, we can analyse the queries made by Nikto. Burp Suite is such a tool: it has an integrated HTTP proxy and a free edition.

Burp Suite is written in Java, so the JRE is needed to run it. On Ubuntu it can be installed from the Synaptic package manager.

Start Burp Suite and go to the Proxy tab. The Proxy tab has 3 sub-tabs: Intercept, Options and History.

In the Intercept tab, turn intercept off. Otherwise Burp Suite will ask for confirmation before allowing each request.

Then go to the History tab. The History tab will show all the requests that Nikto makes.

Burp Suite is already installed in Kali.

How to tell Nikto to use the proxy server:

$ nikto -host www.example.com -useproxy http://localhost:8080/
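To make visible what an intercepting proxy such as Burp receives from a proxied client, here is a minimal logging proxy in Python. It is an added example, not part of the original post and not Burp's code; it forwards only plain-HTTP GET and HEAD requests, and the names `LoggingProxy`, `start` and `DIRECT` are made up for illustration.

```python
import http.server
import threading
import urllib.error
import urllib.request

# Opener with an empty proxy map, so forwarding never goes through another proxy.
DIRECT = urllib.request.build_opener(urllib.request.ProxyHandler({}))

class LoggingProxy(http.server.BaseHTTPRequestHandler):
    history = []  # (method, URL, User-Agent) per request, like a history tab

    def do_GET(self):
        # A proxied client sends the absolute URL in the request line,
        # so self.path is http://target/path rather than just /path.
        agent = self.headers.get("User-Agent", "")
        self.history.append((self.command, self.path, agent))
        try:
            req = urllib.request.Request(self.path, method=self.command,
                                         headers={"User-Agent": agent})
            with DIRECT.open(req, timeout=10) as resp:
                status, body = resp.status, resp.read()
        except urllib.error.HTTPError as err:  # e.g. 404, routine for a scanner
            status, body = err.code, err.read()
        except (OSError, ValueError):  # unreachable target or non-absolute URL
            status, body = 502, b""
        self.send_response(status)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)  # already empty for HEAD

    do_HEAD = do_GET

    def log_message(self, *args):  # keep stderr quiet; history is the log
        pass

def start(handler, port=0):
    """Serve handler on 127.0.0.1 in a background thread (port 0 = any free port)."""
    server = http.server.ThreadingHTTPServer(("127.0.0.1", port), handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server

if __name__ == "__main__":
    # Port 8080 matches the proxy address in the nikto command on this page.
    start(LoggingProxy, 8080)
    input("Logging proxy on 127.0.0.1:8080; press Enter to dump history\n")
    for method, url, agent in LoggingProxy.history:
        print(method, url, agent)
```

Each history entry shows the full URL and the User-Agent the client sent, which is the same information Burp's History tab lists per request.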
