Penetration tool -burpsuite
2022-06-26 00:43:00 【amingMM】
Penetration testing - Burp Suite
- Chinese characters garbled
- "Software is preventing Firefox from connecting securely to this site"
- Chapter 3: Burp Suite related
- jdk1.8.0_152
- burpsuite_pro_v1.7.37
- Password brute-forcing
- Overall security assessment and penetration testing of a real website
- Two ways to bypass cookie-based verification codes
- Combining Burp Suite with sqlmap, method 1 (illustrated)
- Packet-capture and SQL injection tool tips
- 0x00 Function points
- 0x01 Information-gathering plugins
- 0x03 Vulnerability-discovery plugins
- 0x04 Auxiliary plugins
- Burp linked with sqlmap
- Chapter 5: Writing Burp Suite plugins in Python
Chinese characters garbled
"Software is preventing Firefox from connecting securely to this site"
- Remember to trust the certificate
Chapter 3: Burp Suite related
Modify messages
Forward
Drop ....
Burp Suite 2020 is computer network security testing software for testing web security. Its full name is Burp Suite Professional 2020. It is aimed mainly at information-security practitioners and gives the user a simple way to test the security of web applications. It has built-in tool modules such as Proxy, Spider, Scanner, Intruder, Repeater, Sequencer, Decoder and Comparer for the user to choose from freely; all of them are mature penetration-testing tools, used directly for automated and semi-automated testing, and are very convenient to use. Burp Suite 2020 not only covers more than 100 common vulnerabilities, its scanning logic is also continuously improved so that it helps users quickly find the latest vulnerabilities and new variants of existing ones, and so better helps users intercept, modify and replay packets for testing, easily meeting users' needs.
In addition, Burp Suite 2020 not only scans for vulnerabilities automatically using AST technology, configured scans, browser-driven scanning and other functions; it also offers manual penetration-testing functions such as managing reconnaissance data, testing clickjacking attacks and exposing hidden attack surface, so as to provide a certain degree of security in every respect.
Note: Burp Suite Pro 2020.8 requires JDK 9 or above to run; otherwise it crashes immediately on startup.
JDK 10 is the standard edition of Java 10. It contains the latest Java development environment, jre10 and the java10 development tools. Key improvements in JDK 10 include local-variable type inference and a "clean" garbage-collector interface.
The main features of JDK 10 include:
Local-variable type inference: extends type inference to local variables by enhancing the language, aiming to reduce the "ceremony" associated with coding while keeping the safety guarantee of static typing.
A clean garbage-collector interface, used to improve the isolation between garbage-collector source code; this helps the internal garbage-collection code in the HotSpot virtual machine to be better modularised and also makes it easier to add a new garbage collector to HotSpot.
A parallel full G1 garbage collector, which improves worst-case latency by implementing parallelism.
Allowing HotSpot to allocate the object heap on a user-specified alternative memory device (such as an NVDIMM memory module); this feature also indicates that future systems may adopt heterogeneous memory architectures.
JDK 10 contains 12 JEPs (JDK Enhancement Proposals):
[286] Local-variable type inference:
For developers, this is the only real feature in JDK 10. It introduces into Java the var that is common in other languages, such as JavaScript. As long as the compiler can infer the type, you no longer need to declare the type of a local variable. A simple example is:
var x = new ArrayList<String>();
This eliminates the duplicate type definition of ArrayList that we had to write before. I encourage you to read the JEP, because there are some rules about when this syntax can be used. Interestingly, note that var is not a keyword; it is a reserved word. This means you can still use var as a variable, method or package name, but now (although I'm sure you never would) you can't have a class called var.
[310] Application class-data sharing (CDS):
CDS was introduced in JDK 5 to improve JVM start-up performance and to reduce resource usage when multiple virtual machines run on the same physical or virtual machine. JDK 10 extends CDS so that the internal system class loader, the internal platform class loader and custom class loaders can load archived classes. Previously, the use of CDS was limited to the bootstrap class loader.
[314] Additional Unicode language-tag extensions:
This improves the java.util.Locale class and related APIs to implement additional Unicode extensions to BCP 47 language tags. In particular, tags such as currency type, first day of the week, region override and time zone will now be supported.
[322] Time-based release versioning:
As I discussed in a previous blog post, we have had almost as many JDK version-string formats as JDK releases. Fortunately, this is the last one you need to use, and we can stick with it. This format works much like the one JDK 9 introduced, but in a more semantic form. One thing that bothers me is that it includes an INTERIM element which, as the JEP proposal says, is "always 0". Well, if it is always 0, what is the point? They say it is reserved for future use, but I still don't quite agree; in my opinion it is a little redundant and complicated.
This also removes the rather strange situation we had in JDK 9. The first update was JDK 9.0.1, which is logical. The second update was JDK 9.0.4, which is not. The reason is that in the JDK 9 version-numbering scheme, a gap had to be left for emergency releases or updates that were not scheduled as expected. But since no such update was needed, why not simply call it JDK 9.0.2?
[319] Root certificates:
A default set of CA root certificates in the JDK. Key security components, such as TLS, will now work by default in OpenJDK builds. This is a useful addition, and part of Oracle's effort to ensure that OpenJDK binaries and Oracle JDK binaries are functionally the same.
[307] Parallel full GC for G1:
G1 is designed as a low-latency garbage collector (but it will still fall back to a full compacting collection if it cannot keep up with the growth rate caused by fragmentation of the old generation). Before JDK 9, the default collector was the parallel, throughput collector. To reduce the difference in application performance profiles between the default collectors, G1 now has a parallel full-collection mechanism.
[313] Remove the Native-Header generation tool:
Java 9 started some housekeeping in the JDK, and this feature is a continuation of it. Compiling JNI code no longer needs a separate tool to generate header files, because javac can do it. At some point in the future JNI will be replaced by the results of Project Panama, but it is not clear when that will happen.
[304] Garbage-collector interface:
This is not an interface for developers to control garbage collection; it is an interface in the JVM source code that allows other garbage collectors to be integrated quickly and easily.
[312] Thread-local handshakes:
This is a fairly low-level internal change in the JVM: it allows callbacks on threads without running a global VM safepoint. This makes it possible and cheap to stop a single thread instead of having to stop all threads.
[316] Heap allocation on alternative memory devices:
Hardware technology continues to evolve, and non-volatile RAM with the same interface and similar performance characteristics to traditional DRAM is now available. This JEP gives the JVM the ability to use heaps on different kinds of storage mechanism.
[317] Experimental Java-based JIT compiler:
The recently announced Metropolis project proposes rewriting most of the JVM in Java. At first that seems strange: if the JVM is written in Java, do you need a JVM to run the JVM? Correspondingly, this leads to a nice mirror analogy. The reality is that writing the JVM in Java does not mean you have to compile it to bytecode; you can use AOT compilation and then compile the code at run time to improve performance. This JEP brings the Graal compiler research project into the JDK and provides the foundation for making the broader Metropolis project a reality, so that the JVM's performance can match (or, with luck, surpass) the current version written in C++.
[296] Consolidate the JDK forest into a single repository:
In JDK 9 there are 8 repositories: root, corba, hotspot, jaxp, jaxws, jdk, langtools and nashorn. In JDK 10 these will be merged into one, making atomic commits of changesets that span interdependent repositories possible.
- Installing JDK 10:
Double-click the installer package to install it. Note that when selecting the installation directory, do not choose the C drive. I recommend a directory layout like mine, for example
D:\JDK\10
so that multiple JDKs can coexist.
At the same time, untick the JRE installation, because the JDK always includes a JRE; there is normally no need to install a separate JRE and waste disk space.
Configure environment variables
Open the system environment-variable settings page; on Windows 10, search for "environment variables" in the bottom-left corner.
Create a new system environment variable JAVA_HOME and set it to the JDK 10 installation directory, i.e.
D:\JDK\10
Save.
In the Path variable, add one more entry
%JAVA_HOME%\bin
Remember to put this entry in the first position so that it has the highest priority and does not conflict with other JREs installed elsewhere on the C drive.
Open the cmd command prompt (on Windows 10, search for cmd in the bottom-left corner and press Enter). Type
java -version
to view the current Java version. Type
where java
to see the directories the java command comes from; if it is configured correctly, the JDK 10 installation directory should be the first line of the output. If
%JAVA_HOME%\bin
is at the end of Path, it may be overridden by another JRE, so the version printed is not the one you expect.
1. Download and extract to obtain the Chinese-language Burp Suite Professional 2020 program and the keygen files;
First, double-click "Burp_start_chs.vbs" to start the Chinese version of the software; "Burp_start_en.vbs" is the English version. It prompts for a License;
Open the keygen, copy the license key and click Next;
The activation-method dialog pops up; here we choose manual activation;
Copy the activation request into the keygen, then copy the activation response into the software to complete activation;
Function introduction
1. Web vulnerability scanner
1. Covers more than 100 common vulnerabilities, for example SQL injection and cross-site scripting (XSS), and performs well across all of the OWASP Top 10.
2. Burp's cutting-edge web application crawler accurately maps content and functionality, automatically handling sessions, state changes, volatile content and application logins.
3. Burp Scanner includes a complete JavaScript analysis engine that combines static (SAST) and dynamic (DAST) techniques to detect security holes in client-side JavaScript (for example DOM-based cross-site scripting).
4. Burp was the first to use highly innovative out-of-band techniques (OAST) to augment the traditional scanning model. Burp Collaborator technology lets Burp detect server-side vulnerabilities that are completely invisible in the application's external behaviour, and even report vulnerabilities that are triggered asynchronously after the scan has finished.
5. Burp Infiltrator technology can be used to instrument the target application, giving Burp Scanner real-time feedback when its payloads reach dangerous APIs inside the application, to perform interactive application security testing (IAST).
6. Burp's scanning logic is continuously improved to ensure that the latest vulnerabilities and new variants of existing ones can be found. In recent years Burp has been the first detector for new vulnerability classes pioneered by the Burp research team, including template injection and web cache poisoning.
7. All reported vulnerabilities contain detailed custom advice. This includes a full description of the issue and step-by-step remediation advice. The advisory text is generated dynamically for each issue and accurately describes any special features or remediation points.
2. Advanced manual tools
1. Use Burp project files to save your work incrementally in real time and resume seamlessly from where you left off.
2. Using configuration libraries, you can quickly launch target scans with different settings.
3. View real-time feedback on all discovered vulnerabilities on Burp's central dashboard.
4. Place manual insertion points anywhere in a request to inform the scanner about non-standard inputs and data formats.
5. Use live scanning while browsing, to fully control which requests are scanned and how.
6. Burp can optionally report all reflected and stored inputs, even when no vulnerability has been identified, which makes manually testing for issues such as cross-site scripting easier.
7. You can export discovered vulnerabilities as an HTML report.
8. The CSRF PoC generator can be used to generate a proof-of-concept cross-site request forgery (CSRF) attack for a given request.
9. The content discovery function can be used to discover hidden content and functionality that is not linked from browsable visible content.
10. The target analyser function can be used to analyse a target web application and tell you how many static and dynamic URLs it has, and how many parameters each URL takes.
11. Burp Intruder is an advanced tool for automating customised attacks against applications. It can be used for many purposes to improve the speed and accuracy of manual testing.
12. Intruder captures detailed attack results and clearly shows all relevant information about each request and response in tabular form. The captured data includes payload values and positions, the HTTP status code, response timers, cookies, number of redirects and the results of any configured grep or data-extraction settings.
3. Basic manual tools
1. Burp Proxy allows manual testers to intercept all requests and responses between the browser and the target application, even when HTTPS is used.
2. You can view, edit or drop individual messages to manipulate the server-side or client-side components of the application.
3. The proxy history records full details of all requests and responses that pass through the proxy.
4. You can annotate individual items with comments and colour highlights to mark interesting items for later manual follow-up.
5. Burp Proxy can perform various automatic modifications to responses to facilitate testing. For example, you can unhide hidden form fields, enable disabled form fields and remove JavaScript form validation.
6. You can use match-and-replace rules to automatically apply custom modifications to requests and responses passing through the proxy. You can create rules that operate on message headers and bodies, request parameters or the URL file path.
7. Burp helps eliminate the browser security warnings that can occur when intercepting HTTPS connections. On installation, Burp generates a unique CA certificate that you can install in your browser. Per-host certificates are then generated for each domain you visit, signed by the trusted CA certificate.
8. Burp supports invisible proxying for non-proxy-aware clients, so you can test non-standard user agents such as thick-client applications and some mobile applications.
9. HTML5 WebSockets messages are intercepted in the same way as ordinary HTTP messages and recorded in a separate history.
10. You can configure fine-grained interception rules to precisely control which messages are intercepted, letting you focus on the most interesting interactions.
11. The target site map shows all the content that has been discovered and tested on the site. Content is shown in a tree view that corresponds to the site's URL structure. Selecting a branch or node in the tree shows a list of the individual items, with full details, including requests and responses, available when needed.
12. All requests and responses are displayed in the HTTP message editor. This provides a range of views of the underlying message to help analyse and modify its content.
13. Individual requests and responses can easily be sent between Burp tools to support various manual testing workflows.
14. With the Repeater tool you can manually edit and reissue individual requests, with a full request and response history.
15. The Sequencer tool statistically analyses the randomness of session tokens using standard cryptographic tests.
16. The Decoder tool lets you convert data between the common encoding schemes and formats used on the modern web.
17. The Clickbandit tool generates working clickjacking attacks for vulnerable application functions.
18. The Comparer tool performs a visual diff between pairs of requests and responses or other interesting data.
19. You can create custom session-handling rules to handle specific situations. Session-handling rules can automatically log in, detect and recover invalid sessions and obtain valid CSRF tokens.
20. The powerful Burp Extender API allows extensions to customise Burp and integrate with other tools. Common use cases for Burp extensions include modifying HTTP requests and responses on the fly, customising the Burp UI, adding custom scanner checks and accessing key runtime information, including crawl and scan results.
21. The BApp Store is a repository of ready-to-use extensions contributed by the growing user community. Install these tools with a click from within the Burp UI.
Software features
1. Automatically harvest the low-hanging fruit
The web vulnerability scanner is the heart of Burp Suite Professional. This is the scanner trusted by many of the world's largest organisations. The scanner covers the whole OWASP Top 10 and can perform both passive and active analysis. Of course, development is the responsibility of PortSwigger's world-leading research team.
2. Save more time with manually guided automation
Not every web security vulnerability can be found with purely automated tools. Many require some form of manual input. However, exploiting these vulnerabilities can often be tedious. Burp Intruder and other powerful labour-saving tools make better use of your time, especially when fuzzing for vulnerabilities or using other brute-force techniques.
3. Swiss army knife for hackers
It's easy to see why Burp Suite Pro works. It is a true one-stop solution for quickly and reliably discovering and exploiting vulnerabilities in web applications. But there is more. Through the BApp Store you can access hundreds of community-generated plugins, or write your own with Burp Suite's Extender API. By extending Burp Suite Pro's functionality in this way, its applications become almost unlimited.
4. The most popular tool in the industry
Burp Suite Professional has more than 40,000 users in over 130 countries/regions. This makes it the world's most widely used toolkit for web security testing. That did not happen by chance. Our tools are known as multipliers of user knowledge.
5. Others follow
Burp was originally written by our founder Dafydd Stuttard. You may know Daf's name from The Web Application Hacker's Handbook (the de facto standard textbook on web security). Daf still leads our development team. Without research you won't have the most advanced tools - our team is second to none. PortSwigger is committed to education, and you will find us at conferences around the world.
If the Java runtime environment is configured correctly, double-clicking burpSuite.jar starts the software. Burp Suite then automatically allocates the maximum available memory; how much is actually allocated defaults to about 64M. During a penetration test, if thousands of requests pass through Burp Suite, this can cause Burp Suite to crash from lack of memory, losing the data gathered during the test, which is not what we want. Therefore, when starting Burp Suite we usually specify the memory size it may use. Generally we allocate 2G of memory for Burp Suite; if your computer has enough memory you can allocate 4G, and if it has very little you can allocate just 128M. When Burp Suite is given enough memory it can do more. The way to specify the memory size Burp Suite uses is to add the following command-line parameter in the startup script. Suppose the startup script is called burp_suite_start.bat; then the content of the bat script is
java -jar -Xmx2048M /your_burpsuite_path/burpsuite.jar
The -Xmx parameter specifies the maximum memory available to the JVM. The unit can be M or G; in units of G, the script content is:
java -jar -Xmx2G /your_burpsuite_path/burpsuite.jar
Burp Suite does not support data communication over IPv6 addresses. In that case the following exception is thrown in the cmd console
java.net.SocketException: Permission denied
and, when the browser accesses it, the error
Burp proxy error: Permission denied: connect
When the above problem occurs, we need to modify the startup script to add the IPv4 setting, then restart Burp Suite.
java -jar -Xmx2048M -Djava.net.preferIPv4Stack=true /your_burpsuite_path/burpsuite.jar
The -Djava.net.preferIPv4Stack=true parameter tells the Java runtime to use the IPv4 protocol stack for data communication; the IPv6 protocol is disabled. This error is most common on 64-bit Windows operating systems with a 32-bit JDK.
2. Burp Suite packet-capture tutorial
First install the Java JDK, then install the Burp Suite software. Open the Burpsuite folder in the toolkit; there are two jar packages in this folder. Double-click BurpLoader.jar to open it.
Once open, click I Accept, Next, then click Start Burp.
Then you need to configure the Burp proxy.
Click in turn Proxy -> Options -> Add -> Binding -> set the port and IP -> OK
Set the IP to the local loopback address (127.0.0.1) and the port to 8080.
When Burp is opened there is already a default proxy 127.0.0.1:8080; tick it to enable it.
Configure the browser's proxy. Here we use Firefox as an example; other browsers are similar.
Open Firefox -> Open menu -> Options
Then Advanced -> Settings
Choose Manual proxy configuration -> set proxy IP 127.0.0.1 -> port 8080 -> choose "Use this proxy server for all protocols" -> OK
After the above settings are complete, you can capture packets and brute-force.
First, capture a packet: Proxy -> Intercept -> Intercept is off/on
Here, Intercept is off means packets are not captured; Intercept is on captures packets.
With Intercept is on set, clicking on the page captures the request packet.
Below we take capturing the request packet at WebLogic login as an example.
Enter the username and password -> set Intercept is on -> click Login -> packet captured successfully
3. Brute-forcing passwords with Burp Suite
If the captured login request carries the username and password in clear text, brute-forcing can be carried out.
The brute-forcing steps are as follows:
Action -> Send to Intruder
Intruder -> Positions
Click Clear, then select admin -> Add
Select 123456 -> Add
Select the attack mode: Cluster bomb
In the dialog that pops up, add the username dictionary and password dictionary, then click Payloads.
Of course, you can also write a txt file and simply import it.
Run the attack: click Start attack
Check the results: use Length to determine whether the brute-force succeeded.
From this length we can judge that the brute-forced username is admin and the password is axis2.
The response length for the correct username and password is very different from that of a failed attempt.
Attached: the Kali version
https://www.cnblogs.com/ph1sh/p/13442245.html
Translation comparison
Burp / BurpSuite
save state wizard Save state wizard
restore state Restore the state
Remember setting Remember to set
restore defaults Restore the default
Intruder The invaders
Start attack Start the attack ( Blast )
Actively scan defined insertion points Define active scan insertion point
Repeater Repeater
New tab behavior The behavior of the new label
Automatic payload positions Automatic load position
config predefined payload lists Configure a predefined payload list
Update content-length Update content length
unpack gzip/deflate Decompress gzip/deflate
Follow redirections Follow the redirect
process cookies in redirections During redirection cookies
View View
Action Behavior
Features
Target The goal is
Proxy agent
Spider spider
Scanner scanning
Intruder The invaders
Repeater Repeater
Sequencer Sequencer
Decoder decoder
Comparer The comparator
Extender Expand
Options Set up
Detach Separate
Filter filter
SiteMap Website map
Scope Range
Filter by request type Filter through requests
Intercept Intercept
response Modification Respond to modification
match and replace Match and replace
ssl pass through SSL pass-through
Miscellaneous miscellaneous
spider status Spider state
crawler settings Crawler settings
passive spidering Passive spiders
form submission Form submission
application login Application login
spider engine Spider engine
scan queue Scan the queue
live scanning Live scan
live active scanning Live active scanning
live passive scanning Live passive scanning
attack insertion points Attack insertion point
active scanning optimization Active scan optimization
active scanning areas Active scanning area
passive scanning areas Passive scanning area
Payload Payload
payload processing Payload handling
select live capture request Select live capture request
token location within response The location of the internal response token
live capture options Real time capture options
Manual load Manual loading
Analyze now Now analysis
Platform authentication Platform authentication
Upstream proxy servers Upstream proxy server
Grep Extract Grep extract
The lower versions used are
jdk1.8.0_152
burpsuite_pro_v1.7.37
Bundle the matching JDK version with it
and start it from the command line, or run it directly.
If the development machine has other versions installed, just start it from the command line, or find a way with the environment variables.
Password brute-forcing
Overall security assessment and penetration testing of a real website

Brute force: with the help of the computer's high-speed computation, the attacker keeps enumerating all possible usernames and passwords until the right combination is tried and the login succeeds. In theory, as long as the dictionary is big enough, cracking will always succeed. The most effective defence against brute-force cracking is to set a complex password (a mix of upper- and lower-case letters, digits and symbols).
Credential stuffing: if a dictionary is leaked from one website and you use it to try to log in to other websites, the success rate of a credential-stuffing attack is higher than plain brute force, because your username and password on website A are usually the same as on website B. For example, 12306, the ticketing website of the Ministry of Railways, suffered a credential-stuffing attack at the end of 2014.
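The Intruder attack described above (one client, one login URL, many username/password pairs, success judged by response length) is just as visible from the server side. The following detector is an added example, not code from the original post: it walks a constructed application login log (the log format, the 401/403-means-failure convention and the thresholds are all assumptions) and raises alerts for brute force, for credential stuffing (many distinct usernames from one source) and for a success that follows a burst.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed application-log format for this example (an assumption, not a
# real product's format):
#   <ISO-8601 timestamp> <client ip> POST <path> user=<name> status=<http status> size=<bytes>
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<ip>\S+) POST (?P<path>\S+) user=(?P<user>\S+) "
    r"status=(?P<status>\d{3}) size=(?P<size>\d+)$"
)

# Assumption: the application answers a failed login with 401 or 403 and a
# successful one with a redirect (302) into the logged-in area.
FAILURE_STATUSES = {401, 403}

# Constructed sample log: a Cluster-bomb style burst against "admin" that ends
# in a success, a replay of a leaked credential list (three different users),
# and an ordinary user who mistyped a password once.
SAMPLE_LOG = """\
2022-06-26T00:43:00Z 10.0.0.5 POST /login user=admin status=401 size=1183
2022-06-26T00:43:01Z 10.0.0.5 POST /login user=admin status=401 size=1183
2022-06-26T00:43:01Z 10.0.0.5 POST /login user=admin status=401 size=1183
2022-06-26T00:43:02Z 10.0.0.5 POST /login user=admin status=401 size=1183
2022-06-26T00:43:02Z 10.0.0.5 POST /login user=admin status=401 size=1183
2022-06-26T00:43:03Z 10.0.0.5 POST /login user=admin status=302 size=287
2022-06-26T00:50:00Z 10.0.0.9 POST /login user=alice status=401 size=1183
2022-06-26T00:50:00Z 10.0.0.9 POST /login user=bob status=401 size=1183
2022-06-26T00:50:01Z 10.0.0.9 POST /login user=carol status=401 size=1183
2022-06-26T01:10:00Z 192.168.1.20 POST /login user=dave status=401 size=1183
2022-06-26T01:10:30Z 192.168.1.20 POST /login user=dave status=302 size=287
garbage line that is not a login event
"""


def parse_line(line):
    """Parse one log line into a dict, or return None for lines we do not understand."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "ts": datetime.fromisoformat(m["ts"].replace("Z", "+00:00")),
        "ip": m["ip"],
        "path": m["path"],
        "user": m["user"],
        "status": int(m["status"]),
        "size": int(m["size"]),
    }


def detect_login_attacks(lines, window_seconds=60, max_failures=5, max_users=3):
    """Sliding-window detection per source IP over login-attempt log lines.

    One alert per IP per kind, raised at the event that first crosses a threshold:
      brute_force          - at least max_failures failed logins inside window_seconds
      credential_stuffing  - at least max_users distinct usernames inside the window
      success_after_burst  - a successful login from an IP already alerted on in the
                             window: the combination the attacker is hunting for and
                             the one that deserves an immediate lockout/password reset
    Returns a list of (ip, kind, detail) tuples in log order.
    """
    recent = defaultdict(deque)  # ip -> deque of (timestamp, user, failed?)
    alerted = defaultdict(set)   # ip -> alert kinds already raised
    alerts = []
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        ip = ev["ip"]
        q = recent[ip]
        q.append((ev["ts"], ev["user"], ev["status"] in FAILURE_STATUSES))
        # drop events that fell out of the sliding window
        while q and (ev["ts"] - q[0][0]).total_seconds() > window_seconds:
            q.popleft()
        failures = sum(1 for _, _, failed in q if failed)
        users = {user for _, user, _ in q}
        if failures >= max_failures and "brute_force" not in alerted[ip]:
            alerted[ip].add("brute_force")
            alerts.append((ip, "brute_force", f"{failures} failures in {window_seconds}s"))
        if len(users) >= max_users and "credential_stuffing" not in alerted[ip]:
            alerted[ip].add("credential_stuffing")
            alerts.append((ip, "credential_stuffing", f"{len(users)} distinct users: {sorted(users)}"))
        # a success right after a burst: the response size differs from the failures,
        # exactly the "Length" signal the attacker sorts Intruder results by
        if ev["status"] not in FAILURE_STATUSES and alerted[ip] and "success_after_burst" not in alerted[ip]:
            alerted[ip].add("success_after_burst")
            alerts.append((ip, "success_after_burst", f"user={ev['user']} size={ev['size']}"))
    return alerts


def run_sample():
    """Run the detector over the constructed sample log."""
    return detect_login_attacks(SAMPLE_LOG.splitlines())


if __name__ == "__main__":
    for ip, kind, detail in run_sample():
        print(f"{ip:15} {kind:20} {detail}")
```

The lone mistyped password from 192.168.1.20 raises nothing, which is the point of the thresholds: the detector keys on rate and username spread per source, not on any single failure.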
0x00 Function points
Packet modification and replay
0x01 Information-gathering plugins
1.1 HaE
Project address: https://github.com/gh0stkey/HaE
Introduction: a plugin that matches response or request messages with custom regular expressions and extracts sensitive information.
Usage: import the plugin; it comes with many initial rules, which can be customised to your own needs.
1.2 Domain Hunter
Project address:
https://github.com/bit4woo/domain_hunter_pro
Introduction: a fast target-management and automated information-gathering tool. It can extract subdomains, related domains, mailboxes and Java package names from traffic, fetch information on subdomains in batches, and includes some small utilities.
Usage: import the plugin and add a new project.
1.3 CaA
Project address: https://github.com/gh0stkey/CaA
Introduction: its main function is to collect the HTTP traffic flowing through the BurpSuite Proxy module and extract valuable information from it; it helps you record this information and count the frequency of each field, which can then be used for enumeration of interfaces, parameters, directories and so on.
Usage: import the plugin and configure the database. It is enabled automatically. When querying, note that the complete domain name must be entered. Param: parameter table; file: file table; Endpoint: table of trailing endpoints; FullPath: table of full paths; Path: table of first-level paths.
0x03 Vulnerability-mining plug-ins
3.1 fastjsonscan
Project address: https://github.com/zilong3033/fastjsonScan
Introduction: a plug-in that automatically scans for fastjson vulnerabilities.
3.2 shiroscan
Project address: https://github.com/pmiaowu/BurpShiroPassiveScan
Introduction: a plug-in that automatically scans for Shiro vulnerabilities.
3.3 log4jscan
Project address: https://github.com/f0ng/log4j2burpscanner
Introduction: a plug-in that automatically scans for log4j2 vulnerabilities.
3.4 jwt
Project address: https://github.com/ozzi-/JWT4B
Introduction: tests JWT-related vulnerabilities. It can be installed directly from the official plug-in library.
3.5 APIKit
Project address: https://github.com/API-Security/APIKit
Introduction: actively or passively scans for API documents leaked by the application, and parses the API document into BurpSuite packets for API security testing.
Currently supported formats:
GraphQL
OpenAPI-Swagger
SpringbootActuator
SOAP-WSDL
3.6 J2EEScan
Project address: https://github.com/ilmila/J2EEScan
Introduction: a vulnerability-scanning plug-in for J2EE applications. It can be installed directly from the official plug-in library.
3.7 Struts2-RCE
Project address: https://github.com/prakharathreya/Struts2-RCE
This is not a passive proxy scan: during testing, the tester has to send the request package to the plug-in manually for detection. If URLs ending in the .action or .do suffix are found, or fingerprinting identifies the Struts framework, the plug-in can be used to check them.
3.8 wooyun-payload
Project address: https://github.com/boy-hack/wooyun-payload
A plug-in developed by boy-hack for searching the WooYun vulnerability library. It uses the domain name, path and parameters in the HTTP request to look up similar vulnerabilities among the historical WooYun vulnerabilities.
Fastjson-Scanner (passive scanning)
Project address: https://github.com/p1g3/Fastjson-Scanner
The plug-in scans through the passive proxy and performs vulnerability detection on JSON-format data that appears in GET or POST requests, such as:
GET /?json={"fastjson":"example"}
POST /
...
{"fastjson":"example"}
The PoC used by the plug-in is as follows:
fastjson_poc = '{{"@type":"java.net.URL","val":"http://%s"}:"x"}' % val
Other payloads will be added later. The detected traffic is de-duplicated so that repeated tests do not trigger IP bans and similar problems.
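Seen from the defender's side, the PoC shape above is also a detection signature. The following added Python example (my own code, not part of the Fastjson-Scanner project) walks a few constructed request records, looks in every GET query value and POST body for the `"@type":"<class>"` autoType marker, and de-duplicates hits per (client, host, path, class) in the same spirit as the scanner's flow de-duplication, so a log reviewer sees each probed endpoint once rather than once per retry. The callback host `dns.example.invalid` stands in for whatever value the plug-in substitutes for `%s` and is a placeholder.

```python
"""Added example, not Fastjson-Scanner's code: a log-side check that spots
the fastjson autoType probe shape in GET query strings or POST bodies and
de-duplicates repeats per (client, host, path, class).
All records below are constructed; dns.example.invalid is a placeholder."""
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed sample log records: (client_ip, method, host, target, body).
SAMPLE_LOG = [
    ("203.0.113.7", "GET", "app.example",
     '/?json={{"@type":"java.net.URL","val":"http://dns.example.invalid"}:"x"}', ""),
    # Same probe, URL-encoded: must collapse onto the first record.
    ("203.0.113.7", "GET", "app.example",
     "/?json=%7B%7B%22%40type%22%3A%22java.net.URL%22%2C%22val%22%3A%22http%3A%2F%2F"
     "dns.example.invalid%22%7D%3A%22x%22%7D", ""),
    ("203.0.113.7", "POST", "app.example", "/api/order",
     '{{"@type":"java.net.URL","val":"http://dns.example.invalid"}:"x"}'),
    # Ordinary JSON without an @type key: not a probe.
    ("198.51.100.9", "POST", "app.example", "/api/order", '{"fastjson":"example"}'),
]

# "@type" followed by a Java class name; the class is captured for reporting.
PROBE_RE = re.compile(r'"@type"\s*:\s*"([A-Za-z_][\w.$]*)"')


def candidate_json_blobs(target, body):
    """Yield every string the scanner would treat as JSON input:
    each decoded query-string value, plus the request body if present."""
    parts = urlsplit(target)
    for _name, value in parse_qsl(parts.query, keep_blank_values=True):
        yield value  # parse_qsl already URL-decodes the value
    if body:
        yield body


def find_probes(records):
    """Return unique (client, host, path, class) tuples, in first-seen order."""
    seen = set()
    hits = []
    for client, _method, host, target, body in records:
        path = urlsplit(target).path
        for blob in candidate_json_blobs(target, body):
            for cls in PROBE_RE.findall(blob):
                key = (client, host, path, cls)
                if key not in seen:      # de-duplicate repeated probes
                    seen.add(key)
                    hits.append(key)
    return hits


if __name__ == "__main__":
    for hit in find_probes(SAMPLE_LOG):
        print("autoType probe:", hit)
```

The regex deliberately reports the class named in `@type` instead of hard-coding `java.net.URL`, because the passage says further payloads will be added; an application that legitimately uses fastjson autoType for its own classes can allow-list those names before alerting.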
https://github.com/Prodject/BurpSuite-collections
0x04 Auxiliary plug-ins
4.1 403bypass
Project address: https://github.com/sting8k/BurpSuite_403Bypasser
Introduction: a plug-in written in Python for testing 403 bypasses; it scans automatically.
4.2 chunked-coding-converter
Project address: https://github.com/c0ny1/chunked-coding-converter
Introduction: mainly used for testing WAFs with chunked transfer encoding.
4.3 hackbar
Project address: https://github.com/d3vilbug/HackBar
Introduction: similar to the Firefox HackBar extension; it provides some payloads and can be installed directly from the official plug-in library.
Burp linkage with sqlmap
Chapter 5: Writing BurpSuite plug-ins in Python