Small white diary 34:kali Penetration Testing Web penetration-Scan Tool-burpsuite (ii)

Scan Tool-burpsuite

Public module

0, Spider Crawl

Crawl manually

Disable the truncation feature first

Manually Click All connections in the page, submit the data to the place, commit "no matter what"

Auto Crawl "parameter settings"

Specifies the crawl path, otherwise the other subdirectories will be crawled to the right-click, Add Scope

#爬网参数设置

# # #爬到页面中仍需要身份认证的页面, you need to repeat the input or ignore it.

#可导出

####################################################################

Burpsuite supports two crawl content or directory comparison, can determine whether there is access control defects, ordinary users can access high-privileged users

#####################################################################

1. Active scanning

Parameters

Begin

#扫描组件 "but easy to cause instability, should be used after unloading"

2, intruder "fuzzy test"

# #攻击类型

1, sniper each variable to insert

2, battering ram two positions of the same value

3, Pitchfork must specify two files, each corresponding

4, Cluster bomb Specify two dictionaries, one to many

#########################################################################

Burpsuite cannot use the return value length or status code to determine whether the account password is correct. Can be judged by filtering the response content as U-character characters on the login page, or by setting the match feature character "Remove Ignore HTTP Header option"

################################################################

3, Repeater

Each function module "target/request history" information can be opened by right-click->sent Repeater

1, # # #可以进行SQL注入的测试 "Wherever there are variables can be tested."

#Change Request method to change the requested mode "post->get; Get->post "

#Change Body Encoding "or copy as CRL command" (Curl: A powerful command-line tool, curl)

*********************************************************************************************

2. # #对怀疑存在CSRF漏洞的页面

Generate its code, save it, commit it locally, or execute it directly

3. Repeater Menu

#重定向Follow redirections

#读取cookie, identity authentication Process cookies in Reirections

4. Sequencer sequence

Identifying predictable data in the analysis program

Session Cookies

#将含有cookie信息的数据sent Sequencer

# # #burpsuite会对其结果进行判断, analysis of generated reports

ANTI-CSRF Tokens

Start Live Capture

Analyze (more data more accurate)

Pseudo-random number algorithm (objective: to generate seemingly random sessid, if the algorithm is not strong enough to pre-judge anyone's SessionID)

Character-level

Bit-level

fips-U.S. Federal Information Processing standards (Federal Information Processing Standard)

5, encoding "(Mixed mode encoding) for injection attacks, to prevent the Web application filter"

6, comparer content comparison "has the guide"

##########################################################################################

Truncation Agent Tool

Paros "Kali integration, poor functionality, but the first tool to propose the idea of truncation agent"
Webscrab "similar to Burpsuite"
Burpsuite

Small white diary 34:kali Penetration Testing Web penetration-Scan Tool-burpsuite (ii)