Administrator
发布于 2024-08-06 / 48 阅读
0
0

BurpSuite 渗透测试初探

必备工具
 Burp
 Yakit
Burp常用插件
 https://github.com/gh0stkey/HaE
 https://github.com/smxiazi/xia_sql
 https://github.com/portswigger/authz 
 https://github.com/KagamigawaMeguri/burp-UnicodeAutoDecode 
 https://github.com/portswigger/co2 
 https://github.com/portswigger/copy-as-go-request 
 https://github.com/portswigger/copy-as-python-requests
扫描工具
 https://github.com/TideSec/TscanPlus 
 https://github.com/lijiejie/EasyPen
内网工具 
 https://www.parallels.cn/products/ras/download/client/ 
 https://github.com/carlospolop/PEASS-ng 
 https://github.com/G0mini/spark
其他工具 
 https://github.com/81NewArk/StupidOCR

1.部署激活BurpSuite v2024.2.1.2

下载链接:
123网盘(不限速 需登录 免客户端 )
https://www.123pan.com/s/F2W5Vv-Rk7Vv.html
提取码:52pj

百度网盘链接:
https://pan.baidu.com/s/1J_CUxLKqC0h3Ypg4sQV0_g
提取码:52pj

2.搭建pikachu靶场

下载地址:https://github.com/zhuifengshaonianhanlu/pikachu

3.通过BurpSuite内嵌浏览器抓取数据包

4.基于表单的暴力破解

4.1 通过代理获取到http请求

4.2 将请求发送到Intruder,并设置payload 位置

4.3 设置payload 字典列表

4.4 发起攻击,根据响应长度判断不同状态


评论