The use of Web application integration attack platform Burpsuite

Burpsuite is a powerful Web application integrated penetration platform with many uses. This time simply record a use, offend who please more magnanimous.

Open Burpsuite. Remember to open from the Burploader.jar, although there is no handsome welcome screen, but at least to avoid everywhere to ask the key is what the embarrassment.

In the Proxy-options tab, set the listener for the 127.0.0.1:8080 port. Also set the proxy server for the browser to 127.0.0.1:8080 (because the browser does not have "Internet Options", set the proxy server process is different, do not show here)

Select the Proxy-intercept tab, turn on the intercept is on status, and start listening.

In want to get account of the site (this time choose one of my favorite sites, "a house community" more offended ha, sorry), feel free to enter the user name and password.

After clicking "Sign In", we can see the entire contents of the packet we get. I had doubts before here. Password for ciphertext can continue to complete the attack, after years of experience in the use of tools, the answer is completely can attack, anyway, we know what we entered the password is what, then we change the user name on it, to worry about is not us but the server.

Next we send the content to the intruder module. Right-click Content-send to Intruder

Next set up the transmitter, the site has been synchronized with the original packet, port 80

In the Positions tab, we can set what we need to replace. Instead of looking at your own needs, the advice is this: first, clear all tags. Then select the content after username add, that is, only the user name is selected as the replacement label. Why do this, said before, password is ciphertext best not to move again.

Add a dictionary to the Payloads tab, Burpsuite comes with a 8000+ user name dictionary to use.

tab options can also set some of the transmitter interval and so on, basically do not modify what.

Next up is start attack.

To start the attack, we can sort the length in the process. You can see that several packets are longer than the other packets in just a few seconds, and yes, it's mostly a real account.

Select an already acquired user and try

Yes, that's right. Login is successful. (I'm sorry for the sauce ~ I didn't mean it ~ ~)

5. Problems and solutions:

Burpsuite has always been the penetration tool. When it comes to information security, you start using this guy, and it really is invincible. You can capture the packets you send, you can modify the content, you can set the number of times to send. Like this temporary "borrow" to the account to see things or for their favorite star to brush tickets can be fun to use. Do not worry about what "one IP can only vote one vote" nonsense ~ fool a child, someone else is to do a click button failure, we have burpsuite cut down their own data packet, unlimited sent to the good, silently to their support of the star Brush 3w+ ticket, pro-test feasible. As for the solution, I am afraid that in the server side really need to do a bit stronger. Can not establish a separate database to verify each data IP address or MAC address, but at least in a short period of time to limit the transmission from a certain IP ~ ~ can think of so much, interested can find me to burpsuite.

The use of Web application integration attack platform Burpsuite