-
Notifications
You must be signed in to change notification settings - Fork 1
Map
Tony West edited this page Apr 23, 2026
·
1 revision
The Map tab builds a navigable tree of every host and endpoint that has passed through the proxy. It is the fastest way to get a structural picture of a target's attack surface during recon.
The site map is organized in three levels:
-
Hosts (top level): one node per origin, meaning
scheme://host:port. Each host node shows the total number of captured requests. - Endpoints: unique paths under each host, annotated with the HTTP methods observed at that path.
- Variants: distinct query parameter combinations for each endpoint, with per-variant request counts.
The tree updates automatically as new traffic is captured. Nothing needs to be refreshed.
Click any variant to open the full request and response on the right, with syntax highlighting matching the History detail view.
- Expand a host you just crawled to see every endpoint the application exposed.
- Use the methods column to spot endpoints that accept
PUT,DELETE, orPATCH. - Compare variants to see which query parameters are actually exercised.
- Use it as a jumping-off point into Manipulate or Fuzz once you have picked a target.
The map only contains traffic that was actually captured, so the scope and noise filter settings on Settings directly shape what appears here. Out-of-scope hosts never show up.