BurpSuitePro
前言
web渗透利器工具BurpSuite
官方手册:https://portswigger.net/burp/documentation/desktop/burps-layout
BurpSuitePro下载
https://portswigger.net/burp/releases
BurpSuitePro 激活
- 使用BurpLoaderKeygen.jar激活
- 编辑BurpSuitePro.vmoptions
# Enter one VM parameter per line
# For example, to adjust the maximum memory usage to 512 MB, uncomment the following line:
# -Xmx512m
# To include another file, uncomment the following line:
# -include-options [path to other .vmoption file]
-Xmx8G
-XX:MaxRAMPercentage=50
-include-options user.vmoptions
--add-opens=java.base/java.lang=ALL-UNNAMED
--add-opens=java.base/java.lang=ALL-UNNAMED
--add-opens=java.base/jdk.internal.org.objectweb.asm=ALL-UNNAMED
--add-opens=java.base/jdk.internal.org.objectweb.asm.tree=ALL-UNNAMED
--add-opens=java.base/jdk.internal.org.objectweb.asm.Opcodes=ALL-UNNAMED
-javaagent:BurpLoaderKeygen.jar
-noverify
-Dsun.java2d.dpiaware=true
-Dsun.java2d.uiScale=1.50
-Dsun.java2d.d3d=false
BurpSuitePro Tips
TLS
*\\.google\\.com
.*\\.gstatic\\.com
.*\\.googleapis\\.com
.*\\.google-analytics\\.com
.*\\.googletagmanager\\.com
.*\\.googletagservices\\.com
History Filter
Bambdas
// Lists of vulnerable parameters based on OWASP Top 25
String[] ssrfParams = {"dest=", "redirect=", "uri=", "path=", "continue=", "url=", "window=", "next=", "data=", "reference=", "site=", "html=", "val=", "validate=", "domain=", "callback=", "return=", "page=", "feed=", "host=", "port=", "to=", "out=", "view=", "dir="};
String[] sqlParams = {"id=", "page=", "report=", "dir=", "search=", "category=", "file=", "class", "url=", "news=", "item=", "menu=", "lang=", "name=", "ref=", "title=", "view=", "topic=", "thread=", "type=", "date=", "form=", "main=", "nav=", "region="};
String[] xssParams = {"q=", "s=", "search=", "id=", "lang=", "keyword=", "query=", "page=", "keywords=", "year=", "view=", "email=", "type=", "name=", "p=", "month=", "image=", "list_type=", "url=", "terms=", "categoryid=", "key=", "l=", "begindate=", "enddate="};
String[] lfiParams = {"cat=", "dir=", "action=", "board=", "date=", "detail=", "file=", "download=", "path", "folder=", "prefix=", "include=", "page=", "inc=", "locate=", "show=", "doc=", "site=", "type=", "view=", "content=", "document=", "layout=", "mod=", "conf="};
String[] orParams = {"next=", "url=", "target=", "rurl=", "dest=", "destination=", "redir=", "redirect_uri", "redirect_url=", "redirect=", "out=", "view=", "to=", "image_url=", "go=", "return=", "returnTo=", "return_to=", "checkout_url=", "continue=", "return_path="};
String[] rceParams = {"cmd=", "exec=", "command=", "execute=", "ping=", "query=", "jump=", "code", "reg=", "do=", "func=", "arg=", "option=", "load=", "process=", "step=", "read=", "feature=", "exe=", "module=", "payload=", "run=", "print="};
// the logic
if (requestResponse.request().url() != null) {
String requestUrl = requestResponse.request().url();
String requestBody = requestResponse.request().bodyToString();
String[][] allParams = {ssrfParams, sqlParams, xssParams, lfiParams, orParams, rceParams};
int queryStart = requestUrl.indexOf("?");
String queryString = "";
if (queryStart != -1 && queryStart < requestUrl.length() - 1) {
queryString = requestUrl.substring(queryStart + 1);
}
String[] allInputParams = (queryString + "&" + requestBody).split("&");
// Check each parameter against the lists of vulnerable parameters
for (String inputParam : allInputParams) {
for (String[] paramArray : allParams) {
for (String param : paramArray) {
if (inputParam.startsWith(param)) {
return true;
}
}
}
}
}
return false;
BurpSuitePro Plugins
- GitHub - gh0stkey/HaE: HaE - Highlighter and Extractor, 赋能白帽 高效作战
- GitHub - PortSwigger/403-bypasser
- Turbo Intruder
- https://github.com/bit4woo/knife
BurpSuitePro Books
https://t0data.gitbooks.io/burpsuite/content/
https://www.pa55w0rd.online/burp/
https://github.com/lilifengcode/Burpsuite-Plugins-Usage