<\/p>\n\n\n\n
\u57fa\u672c\u529f\u80fd<\/p>\n\n\n\n
\u5c08\u696d\u7248\u6709\u53e6\u5916\u63d0\u4f9b\u4ee5\u4e0b\u529f\u80fd<\/p>\n\n\n\n
<\/p>\n\n\n\n
refer <\/p>\n\n\n\n <\/p>\n\n\n\n <\/p>\n\n\n\n \u5c07\u8acb\u6c42\u50b3\u9001\u5230 \u5728\u91cd\u9001\u7fa4\u7d44\u4e2d\u6709\u4ee5\uff13\u7a2e\u767c\u9001\u65b9\u5f0f\uff0c\u9078\u64c7 <\/p>\n\n\n\n refer \u529f\u80fd\u6e2c\u8a66\u53ef\u53c3\u8003: <\/p>\n\n\n\n <\/p>\n\n\n\n \u5230 \u5047\u5982\u6211\u53ea\u60f3\u5728intercept\u529f\u80fd\u4e2d\u6514\u622awww.google.com\u7684\u8acb\u6c42,\u898f\u5247\u53ef\u4ee5\u9019\u6a23\u8a2d\u5b9a refer <\/p>\n\n\n\n <\/p>\n\n\n\n \u5230 \u4f8b\u5982, type\u4fdd\u6301request header \u529f\u80fd\u6e2c\u8a66\u53ef\u53c3\u8003: <\/p>\n\n\n\n <\/p>\n\n\n\n \u5230 \u5728 \u5728\u5c0d\u8a71\u7a97\u4e2d\u9078\u64c7 \u5728\u5c0d\u8a71\u7a97\u4e2d\u9078\u64c7 \u5728 \u9078\u5b8c\u5f8c\u6309 \u7de8\u8f2f\u5b8c\u5f8c\u53ef\u4ee5\u9ede\u64ca <\/p>\n\n\n\n \u61c9\u7528\u5834\u666f\u5305\u542b\u767b\u5165\u5f8c\u6383\u63cf,\u53ef\u53c3\u8003\u4ee5\u4e0b <\/p>\n\n\n\n refer \u529f\u80fd\u6e2c\u8a66\u53ef\u53c3\u8003: <\/p>\n\n\n\n <\/p>\n\n\n\n \u5230 \u5728logging\u5340\u57df\u4e2d\u53ef\u4ee5\u9078\u64c7\u54ea\u4e9b\u529f\u80fd\u8981\u7522\u751f\u65e5\u5fd7<\/p>\n\n\n\n \u65e5\u5fd7\u5167\u5bb9\u5927\u81f4\u5982\u4e0b<\/p>\n\n\n\n ps: <\/p>\n\n\n\n <\/p>\n\n\n\n \u5c08\u696d\u7248\u624d\u6709\u7684\u529f\u80fd<\/p>\n\n\n\n \u5230 \u63a5\u8457\u5c31\u53ef\u4ee5\u5728\u6307\u5b9a\u7db2\u7ad9\u5167\u641c\u5c0b\u5404\u7a2e\u654f\u611f\u76ee\u9304\uff0c\u50cf\u662fbackup, admin\u76ee\u9304\u7b49<\/p>\n\n\n\n \u529f\u80fd\u6e2c\u8a66\u53ef\u53c3\u8003: <\/p>\n\n\n\n <\/p>\n\n\n\n \u5c08\u696d\u7248\u624d\u6709\u7684\u529f\u80fd<\/p>\n\n\n\n \u5230 \u63a5\u8457\u5c31\u53ef\u4ee5\u5728\u6307\u5b9a\u7db2\u7ad9\u5167\u641c\u5c0b\u8a3b\u89e3\u5167\u7684\u5404\u7a2e\u654f\u611f\u4fe1\u606f<\/p>\n\n\n\n \u529f\u80fd\u6e2c\u8a66\u53ef\u53c3\u8003: <\/p>\n\n\n\n <\/p>\n\n\n\n \u5c08\u696d\u7248\u624d\u6709\u7684\u529f\u80fd<\/p>\n\n\n\n \u5728\u4efb\u4f55\u8acb\u6c42\u4e2d\u6309\u53f3\u9375\u9078 \u5982\u679c\u60f3\u8981\u6709\u81ea\u52d5\u63d0\u4ea4\u529f\u80fd, \u53ef\u900f\u904e \u529f\u80fd\u6e2c\u8a66\u53ef\u53c3\u8003: <\/p>\n\n\n\n <\/p>\n\n\n\n \u529f\u80fd \u63a2\u6e2c external service interaction\uff08\u5916\u90e8\u670d\u52d9\u4ea4\u4e92\u653b\u64ca\uff09<\/p>\n\n\n\n <\/p>\n\n\n\n \u529f\u80fd\u6e2c\u8a66\u53ef\u53c3\u8003: <\/p>\n\n\n\n <\/p>\n\n\n\n <\/p>\n\n\n\n \u5728\u4ee3\u7406\u7684\u6a21\u5f0f\u4e0b\uff0c\u8a2d\u5b9a\u700f\u89bd\u5668\u53ef\u8a2a\u554fSSL<\/p>\n\n\n\n 1.\u8a2a\u554fhttp:\/\/burpsuite<\/p>\n\n\n\n 2.\u5728burpsuite\u8f38\u51faCA 3.\u5728chrome\u8a2d\u5b9a <\/p>\n\n\n\n refer <\/p>\n\n\n\n <\/p>\n\n\n\n Burp Suite\u529f\u80fd\u6982\u8981\uff1a \u57fa\u672c\u529f\u80fd \u5c08\u696d\u7248\u6709\u53e6\u5916\u63d0\u4f9b\u4ee5 …<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"","fifu_image_alt":"","_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[369],"tags":[3],"class_list":["post-16","post","type-post","status-publish","format-standard","hentry","category-red-team","tag-tool"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/posts\/16","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/comments?post=16"}],"version-history":[{"count":1,"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/posts\/16\/revisions"}],"predecessor-version":[{"id":2405,"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/posts\/16\/revisions\/2405"}],"wp:attachment":[{"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/media?parent=16"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/categories?post=16"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/tags?post=16"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
https:\/\/ithelp.ithome.com.tw\/articles\/10214839<\/a>
https:\/\/t0data.gitbooks.io\/burpsuite\/content\/chapter3.html<\/a>
https:\/\/portswigger.net\/support\/how-to-use-burp-suite<\/a>
https:\/\/portswigger.net\/support\/configuring-your-browser-to-work-with-burp<\/a><\/p>\n\n\n\n
\n\n\n\n\u9032\u968e\u4f7f\u7528\u65b9\u5f0f<\/h2>\n\n\n\n
\u4f7f\u7528\u689d\u4ef6\u7af6\u901f\u540c\u6642\u767c\u9001\u8acb\u6c42<\/h3>\n\n\n\n
repeater<\/code>\u529f\u80fd\uff0c\u7136\u5f8c\u5efa\u7acb\u7fa4\u7d44\uff0c\u628a\u591a\u500b\u8acb\u6c42\u79fb\u5230\u7fa4\u7d44\u4e2d<\/p>\n\n\n\nparallel<\/code>\u5c31\u53ef\u4ee5\u5be6\u73fe\u689d\u4ef6\u7af6\u901f\u540c\u6642\u8acb\u6c42<\/p>\n\n\n\n\n
https:\/\/portswigger.net\/burp\/documentation\/desktop\/tools\/repeater\/send-group<\/a><\/p>\n\n\n\n
lab: limit overrun race conditions<\/p>\n\n\n\n
\n\n\n\n\u6307\u5b9a\u6514\u622a\u898f\u5247<\/h3>\n\n\n\n
proxy<\/code>> proxy setting<\/code> > request interception rules<\/code> ,\u9ede\u64caadd<\/code>\u5f8c\u53ef\u589e\u52a0\u898f\u5247<\/p>\n\n\n\n
boolean operator: And
match type: Domain name
match relationship: Matches
match condition: www.google.com<\/p>\n\n\n\n
https:\/\/www.cnblogs.com\/lsdb\/p\/9026109.html<\/a><\/p>\n\n\n\n
\n\n\n\n\u81ea\u52d5\u4fee\u6539\u6bcf\u6b21\u8acb\u6c42\u5167\u5bb9<\/h3>\n\n\n\n
proxy<\/code>> proxy setting<\/code> > Match and Replace<\/code> ,\u9ede\u64caadd<\/code>\u5f8c\u53ef\u589e\u52a0\u898f\u5247\u8abf\u6574\u6bcf\u6b21\u8acb\u6c42\u5167\u5bb9<\/p>\n\n\n\n
\u6211\u60f3\u6bcf\u6b21\u7d93\u904eproxy\u5f8c\u8acb\u6c42\u90fd\u5e36X-Custom-IP-Authorization: 127.0.0.1<\/code>,\u898f\u5247\u53ef\u8a2d\u5b9a\u5982\u4e0b<\/p>\n\n\n\n
match\u7dad\u6301\u7a7a\u767d
replace\u8f38\u5165X-Custom-IP-Authorization: 127.0.0.1<\/p>\n\n\n\n
Lab: Authentication bypass via information disclosure<\/p>\n\n\n\n
\n\n\n\n\u81ea\u52d5\u5316\u57f7\u884c\u591a\u500b\u8acb\u6c42<\/h3>\n\n\n\n
proxy<\/code>> proxy setting<\/code> >Sessions<\/code>, <\/p>\n\n\n\nSession Handling Rules<\/code>\u5340\u57df\u9ede\u64caadd<\/code>\u958b\u555fSession handling rule editor<\/code><\/p>\n\n\n\nscope <\/code>,\u4e26\u5728url scope<\/code>\u5340\u57df\u9078\u64c7Include all URLs<\/code><\/p>\n\n\n\ndetail<\/code>,\u4e26\u5728rule actions<\/code>\u5340\u57df\u9ede\u64caadd<\/code>\u9078Run a macro<\/code><\/p>\n\n\n\nSelect macro<\/code>\u5340\u57df\u4e2d\u9ede\u64caadd<\/code>\u4ee5\u958b\u555fMacro Recorder<\/code>,\u5728\u9019\u88e1\u53ef\u4ee5\u9078\u64c7\u4f60\u9700\u8981\u81ea\u52d5\u57f7\u884c\u7684\u5404\u7a2e\u8acb\u6c42,<\/p>\n\n\n\nok<\/code>\u5c31\u6703\u9032\u5165Macro Editor<\/code>,\u5728\u9019\u88e1\u53ef\u4ee5\u4f9d\u9700\u6c42\u5728Configure item<\/code>\u589e\u52a0custom parameter<\/code>\u4f86\u50b3\u905e\u4e0d\u540c\u8acb\u6c42\u4e4b\u9593\u7684\u503c<\/p>\n\n\n\nTest macro<\/code>\u89c0\u5bdf\u81ea\u52d5\u8acb\u6c42\u662f\u5426\u6b63\u5e38\u904b\u4f5c<\/p>\n\n\n\n
https:\/\/portswigger.net\/support\/configuring-burp-suites-session-handling-rules<\/a><\/p>\n\n\n\n
http:\/\/hackdig.com\/09\/hack-141296.htm<\/a>
https:\/\/xz.aliyun.com\/t\/3751<\/a><\/p>\n\n\n\n
Lab: 2FA bypass using a brute-force attack
Lab: Infinite money logic flaw<\/p>\n\n\n\n
\n\n\n\n\u7522\u751f\u65e5\u5fd7<\/h3>\n\n\n\n
setting<\/code>> project<\/code> >logging<\/code>, <\/p>\n\n\n\n======================================================\n17:24:48 http:\/\/systw.net:80 [1.1.1.1]\n======================================================\nGET \/home HTTP\/1.1\nHost:systw.net\nCache-Control: max-age=0\nUpgrade-Insecure-Requests: 1\nUser-Agent: Mozilla\/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/94.0.4147.135 Safari\/537.36\nAccept: text\/html,application\/xhtml+xml,application\/xml;q=0.9,image\/webp,image\/apng,*\/*;q=0.8,application\/signed-exchange;v=b3;q=0.9\nAccept-Encoding: gzip, deflate\nAccept-Language: zh-CN,zh;q=0.9<\/code><\/pre>\n\n\n\n
\u9019\u4e9b\u65e5\u5fd7\u53ef\u9935\u7d66sqlmap,\u5c0d\u65e5\u5fd7\u5167\u7684\u76ee\u6a19\u505a\u6aa2\u6e2c,\u6307\u4ee4\u70ba sqlmap -l burpsuitelog.txt<\/code><\/p>\n\n\n\n
\n\n\n\n\u7db2\u7ad9\u5167\u5bb9\u5c0b\u627e<\/h3>\n\n\n\n
target > site map<\/code> \u9078\u64c7\u6307\u5b9a\u7db2\u7ad9\u5f8c\u53f3\u9375\u9078 Engagement tools<\/code> > Discover content<\/code> <\/p>\n\n\n\n
Lab: Source code disclosure via backup files
Lab: Inconsistent handling of exceptional input
Lab: Inconsistent security controls<\/p>\n\n\n\n
\n\n\n\n\u8a3b\u89e3\u641c\u5c0b<\/h3>\n\n\n\n
target > site map<\/code> \u9078\u64c7\u6307\u5b9a\u7db2\u7ad9\u5f8c\u53f3\u9375\u9078 Engagement tools<\/code> > Find comments<\/code> <\/p>\n\n\n\n
Lab: Information disclosure on debug page<\/p>\n\n\n\n
\n\n\n\n\u81ea\u52d5\u7522\u751fCSRF HTML<\/h3>\n\n\n\n
Engagement tools<\/code> > Generate CSRF PoC<\/code> \u5c31\u53ef\u4ee5\u7522\u751f\u4e00\u500bcsrf HTML, <\/p>\n\n\n\noption<\/code>\u5c07auto-submit script<\/code>\u52a0\u5165,\u5728\u6309Regenerate<\/code>\u5373\u53ef\u7522\u751f<\/p>\n\n\n\n
Lab: CSRF vulnerability with no defenses<\/p>\n\n\n\n
\n\n\n\nBurp Collaborator \u6a21\u7d44<\/h3>\n\n\n\n
\n
Lab: Blind SQL injection with out-of-band data exfiltration
Lab: Blind OS command injection with out-of-band interaction
Lab: Blind OS command injection with out-of-band data exfiltration<\/p>\n\n\n\n
\n\n\n\n\u4f7f\u7528\u524d\u8a2d\u5b9a<\/h2>\n\n\n\n
burpsuite: proxy->option->proxy listeners, import\/export CA certificate
CA certificate: export, certificate in der format, next-> choose export path<\/p>\n\n\n\n
chrome:\u8a2d\u7f6e\u9078\u9805->\u7ba1\u7406\u8b49\u66f8
\u8b49\u66f8:\u5728\u53d7\u4fe1\u4efb\u4e00\u6b04\u4f4d\u4e2d\u9078\u64c7\u5c0e\u5165,\u5c07\u525b\u624d\u4fdd\u5b58\u5728\u672c\u5730\u7684\u8b49\u66f8\u5c0e\u5165\u9032\u53bb\u5373\u53ef<\/p>\n\n\n\n
https:\/\/blog.csdn.net\/sinat_25449961\/article\/details\/51585919<\/a>
https:\/\/portswigger.net\/burp\/documentation\/desktop\/external-browser-config\/certificate\/ca-cert-chrome-windows<\/a><\/p>\n\n\n\n <\/h2>\n","protected":false},"excerpt":{"rendered":"