BurpSuitePro

Preface

BurpSuite, a powerful tool for web penetration testing.
Official manual: https://portswigger.net/burp/documentation/desktop/burps-layout

BurpSuitePro Download

https://portswigger.net/burp/releases

BurpSuitePro Activation

  1. Activate with BurpLoaderKeygen.jar
  2. Edit BurpSuitePro.vmoptions
# Enter one VM parameter per line
# For example, to adjust the maximum memory usage to 512 MB, uncomment the following line:
# -Xmx512m
# To include another file, uncomment the following line:
# -include-options [path to other .vmoption file]
-Xmx8G
-XX:MaxRAMPercentage=50
-include-options user.vmoptions
--add-opens=java.base/java.lang=ALL-UNNAMED
--add-opens=java.base/jdk.internal.org.objectweb.asm=ALL-UNNAMED
--add-opens=java.base/jdk.internal.org.objectweb.asm.tree=ALL-UNNAMED
--add-opens=java.base/jdk.internal.org.objectweb.asm.Opcodes=ALL-UNNAMED
-javaagent:BurpLoaderKeygen.jar
-noverify
-Dsun.java2d.dpiaware=true
-Dsun.java2d.uiScale=1.50
-Dsun.java2d.d3d=false

BurpSuitePro Tips

TLS

.*\\.google\\.com
.*\\.gstatic\\.com
.*\\.googleapis\\.com
.*\\.google-analytics\\.com
.*\\.googletagmanager\\.com
.*\\.googletagservices\\.com

History Filter


Bambdas

// Lists of vulnerable parameters based on OWASP Top 25
// Every entry ends with "=" so that startsWith() below matches a whole parameter name rather than a prefix of it
String[] ssrfParams = {"dest=", "redirect=", "uri=", "path=", "continue=", "url=", "window=", "next=", "data=", "reference=", "site=", "html=", "val=", "validate=", "domain=", "callback=", "return=", "page=", "feed=", "host=", "port=", "to=", "out=", "view=", "dir="};
String[] sqlParams = {"id=", "page=", "report=", "dir=", "search=", "category=", "file=", "class=", "url=", "news=", "item=", "menu=", "lang=", "name=", "ref=", "title=", "view=", "topic=", "thread=", "type=", "date=", "form=", "main=", "nav=", "region="};
String[] xssParams = {"q=", "s=", "search=", "id=", "lang=", "keyword=", "query=", "page=", "keywords=", "year=", "view=", "email=", "type=", "name=", "p=", "month=", "image=", "list_type=", "url=", "terms=", "categoryid=", "key=", "l=", "begindate=", "enddate="};
String[] lfiParams = {"cat=", "dir=", "action=", "board=", "date=", "detail=", "file=", "download=", "path=", "folder=", "prefix=", "include=", "page=", "inc=", "locate=", "show=", "doc=", "site=", "type=", "view=", "content=", "document=", "layout=", "mod=", "conf="};
String[] orParams = {"next=", "url=", "target=", "rurl=", "dest=", "destination=", "redir=", "redirect_uri=", "redirect_url=", "redirect=", "out=", "view=", "to=", "image_url=", "go=", "return=", "returnTo=", "return_to=", "checkout_url=", "continue=", "return_path="};
String[] rceParams = {"cmd=", "exec=", "command=", "execute=", "ping=", "query=", "jump=", "code=", "reg=", "do=", "func=", "arg=", "option=", "load=", "process=", "step=", "read=", "feature=", "exe=", "module=", "payload=", "run=", "print="};


// The logic: the history item is shown (true) when any query or body parameter starts with one of the names above
if (requestResponse.request().url() != null) {
    String requestUrl = requestResponse.request().url();
    String requestBody = requestResponse.request().bodyToString();

    String[][] allParams = {ssrfParams, sqlParams, xssParams, lfiParams, orParams, rceParams};

    // Extract the query string (everything after the first "?"), if the URL has one
    int queryStart = requestUrl.indexOf("?");
    String queryString = "";
    if (queryStart != -1 && queryStart < requestUrl.length() - 1) {
        queryString = requestUrl.substring(queryStart + 1);
    }

    // Split the query string and a form-encoded body into "name=value" pairs
    String[] allInputParams = (queryString + "&" + requestBody).split("&");

    // Check each parameter against the lists of vulnerable parameters
    for (String inputParam : allInputParams) {
        for (String[] paramArray : allParams) {
            for (String param : paramArray) {
                if (inputParam.startsWith(param)) {
                    return true;
                }
            }
        }
    }
}

return false;
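As an added example (not code from the original post), the same history filter written against Burp's parsed parameters instead of splitting the raw query and body on "&", so a name like "class" cannot match "classic", and cookie or JSON parameters are skipped. The watched-name set is a constructed shortlist; the Montoya API members used (request().parameters(), ParsedHttpParameter.name()/type(), HttpParameterType) are assumed to be available in the Bambda context, as requestResponse.request() is in the original snippet.

```java
// Constructed shortlist of parameter names worth reviewing (assumed, not from the post).
java.util.Set<String> watched = java.util.Set.of(
    "url", "redirect", "next", "dest", "return",    // open redirect / SSRF style
    "file", "path", "include", "page", "dir",       // file inclusion style
    "cmd", "exec", "command", "id", "q", "search"   // command / SQL / XSS style
);

burp.api.montoya.http.message.requests.HttpRequest request = requestResponse.request();

// Iterate over the parameters Burp has already parsed (URL query, form body, cookies, JSON, ...).
for (burp.api.montoya.http.message.params.ParsedHttpParameter p : request.parameters()) {
    burp.api.montoya.http.message.params.HttpParameterType t = p.type();

    // Only URL and form-body parameters are of interest here; skip cookies, JSON, XML, multipart.
    if (t != burp.api.montoya.http.message.params.HttpParameterType.URL
            && t != burp.api.montoya.http.message.params.HttpParameterType.BODY) {
        continue;
    }

    // Exact, case-insensitive match on the parameter name, not a prefix of the raw "name=value" string.
    if (watched.contains(p.name().toLowerCase())) {
        return true;
    }
}

return false;
```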

BurpSuitePro Plugins

BurpSuitePro Books

https://t0data.gitbooks.io/burpsuite/content/
https://www.pa55w0rd.online/burp/
https://github.com/lilifengcode/Burpsuite-Plugins-Usage

To be continued…
