Burp Suite can remove form validation and the JavaScript of a page

Burp Suite security tool

If validation is performed only on the client side and the backend does not validate, a lot of security risks follow: anything enforced in the browser can be removed or bypassed by the user.

Burp Suite HTML modification
Another interesting feature of Burp Proxy is automatic HTML modification, which can be
activated and configured in the appropriate section within Burp Proxy | options. Using
this function, you can automatically remove JavaScript from, or modify the HTML forms of, all
HTTP responses that pass through the proxy.

Some applications deploy client-side validation in the form of disabled HTML form fields or
JavaScript code. If you want to verify that server-side controls enforcing specific data formats
are present, you need to tamper with the request and send invalid data. In these situations, you
can either manually tamper with the request in the proxy or enable HTML modification to remove
the client-side validation and use the browser itself to submit invalid data. This function can
also be used to display hidden form fields.
Let's see in practice how you can activate this feature:
1. In Burp Proxy, go to options and scroll down to the Response modification section.
2. Numerous options are available in this section:
   - unhide hidden form fields: display hidden HTML form fields;
   - enable disabled form fields: allow every input field on the HTML page to be submitted;
   - remove input field length limits: allow extra-long strings in text fields;
   - remove JavaScript form validation: make Burp Proxy remove all onsubmit handler JavaScript functions from HTML forms;
   - remove all JavaScript: completely remove all JS scripts;
   - remove object tags: remove embedded objects within the HTML document.
3. Select the desired checkboxes to activate automatic HTML modification.
Using this feature, you will be able to understand whether the web application enforces server-side
validation. For instance, some insecure applications use client-side validation only (for
example, via JavaScript functions). You can activate the automatic HTML modification feature
by selecting the remove JavaScript form validation checkbox in order to perform input
validation testing directly from your browser. Whatever the browser then accepts and sends, the server must still reject on its own; if it does not, the client-side check was the only control.
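To make the effect of the response-modification options concrete, the following added example (not code from the original page or from Burp Suite) emulates what the checkboxes above do to a constructed form, and then shows the server-side control a tester is looking for: an order handler that trusts the browser beside one that re-validates every field. The HTML, the `/order` form, the `CATALOG_PRICE` table and both handler functions are assumptions made for this illustration; Burp itself rewrites the parsed HTML of every proxied response rather than applying regular expressions.

```python
import re

# Constructed sample response body (not from the original page): a form that
# relies entirely on client-side controls for correctness.
SAMPLE_HTML = """<html><body>
<script>
function validate() { return /^[0-9]{1,2}$/.test(document.forms[0].qty.value); }
</script>
<form action="/order" method="post" onsubmit="return validate()">
  <input type="hidden" name="price" value="100">
  <input type="text" name="qty" maxlength="2">
  <input type="text" name="discount" value="0" disabled>
  <input type="submit" value="Buy">
</form>
</body></html>"""


def strip_client_side_controls(html: str) -> str:
    """Emulate the Burp Proxy response-modification options with regexes.

    Illustration only (hypothetical): each step mirrors one checkbox.
    """
    # remove all JavaScript: drop <script> blocks
    html = re.sub(r"<script\b[^>]*>.*?</script>", "", html, flags=re.S | re.I)
    # remove JavaScript form validation: strip onsubmit handlers
    html = re.sub(r'\s+onsubmit="[^"]*"', "", html, flags=re.I)
    # unhide hidden form fields: hidden inputs become editable text inputs
    html = re.sub(r'type="hidden"', 'type="text"', html, flags=re.I)
    # enable disabled form fields: a disabled input is never submitted by the browser
    html = re.sub(r'\s+disabled\b(="[^"]*")?', "", html, flags=re.I)
    # remove input field length limits
    html = re.sub(r'\s+maxlength="\d+"', "", html, flags=re.I)
    return html


# Assumed server-side price table; the real price must come from here, never
# from a value the client sent.
CATALOG_PRICE = {"widget": 100}


def process_order_insecure(form: dict) -> int:
    """Trusts the browser: assumes the JavaScript, maxlength, hidden and
    disabled fields already guaranteed well-formed input."""
    return int(form["price"]) * int(form["qty"]) - int(form.get("discount", 0))


def process_order_hardened(form: dict) -> int:
    """Re-validates on the server; raises ValueError on any bad input."""
    qty = form.get("qty", "")
    # the same rule the onsubmit handler enforced, now where it cannot be removed
    if not re.fullmatch(r"[1-9][0-9]?", qty):
        raise ValueError("qty must be an integer between 1 and 99")
    # the hidden 'price' and the disabled 'discount' fields are ignored entirely
    price = CATALOG_PRICE["widget"]
    return price * int(qty)


def server_rejects(form: dict) -> bool:
    """True when the hardened handler refuses the submission."""
    try:
        process_order_hardened(form)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print(strip_client_side_controls(SAMPLE_HTML))
    # what the browser can now send once the client-side controls are gone
    tampered = {"price": "1", "qty": "999", "discount": "50"}
    print("insecure total:", process_order_insecure(tampered))
    print("hardened rejects:", server_rejects(tampered))
```

Run it and compare the two outputs: after stripping, the browser will happily submit a three-digit quantity, an edited price and a field that was disabled, and the insecure handler turns that into a nonsensical total, while the hardened handler rejects the request regardless of what the page's JavaScript did or did not do.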

 

Reposted from: https://my.oschina.net/u/2308739/blog/742357
