Scan Tool: Burp Suite
Common modules
0. Spider (crawl)
Manual crawl
Turn interception off first
Manually click every link on the page, and wherever data can be submitted, submit it "whatever it is"
Automatic crawl "parameter settings"
Specify the crawl path, otherwise the other subdirectories will be crawled too: right-click -> Add to Scope
# Crawl parameter settings
### When the crawl reaches pages that still require authentication, you need to enter the credentials again or ignore the prompt.
# Can be exported
####################################################################
Burp Suite supports comparing the content or directory structure of two crawls, which can show whether there is an access control defect, i.e. whether an ordinary user can access what a high-privileged user can
#####################################################################
1. Active scanning
Parameters
Begin
# Scanner extensions "but they easily cause instability and should be unloaded after use"
2. Intruder "fuzz testing"
## Attack types
1. Sniper: the payload is inserted into each variable in turn
2. Battering ram: the same value is placed in both positions
3. Pitchfork: two files must be specified, and their entries are paired one to one
4. Cluster bomb: two dictionaries are specified and combined one to many
#########################################################################
Where Burp Suite cannot use the response length or status code to determine whether the account and password are correct, the result can be judged by filtering the response content for characteristic strings of the login page, or by setting a characteristic string to match "untick the Ignore HTTP Header option"
################################################################
3. Repeater
Information in each function module "Target / request history" can be opened in Repeater via right-click -> Send to Repeater
1. ### Can be used to test for SQL injection "anywhere there is a variable can be tested"
# Change request method: switches the request method "POST -> GET; GET -> POST"
# Change body encoding "or Copy as curl command" (curl: a powerful command-line tool)
*********************************************************************************************
2. ## For pages suspected of having a CSRF vulnerability
Generate its code, save it and submit it locally, or execute it directly
3. Repeater Menu
# Redirects: Follow redirections
# Read cookies for identity authentication: Process cookies in redirections
4. Sequencer
Analyzes the program to identify predictable data
Session Cookies
# Send the data containing the cookie information to Sequencer
### Burp Suite evaluates the results and generates an analysis report
Anti-CSRF tokens
Start Live Capture
Analyze (the more data, the more accurate)
Pseudo-random number algorithm (goal: generate seemingly random session IDs; if the algorithm is not strong enough, anyone's session ID can be predicted)
Character-level
Bit-level
FIPS: U.S. Federal Information Processing Standard
5. Encoding "(mixed-mode encoding) used in injection attacks to get past the web application's filter"
6. Comparer: content comparison "has a guide"
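
For the Sequencer step above (section 4), an added example that is not from the original post and is not Burp Suite's own algorithm: a bit-level check of session tokens from your own application, using a frequency (monobit) test plus a serial-correlation test per bit position. The function names, the 4.0 threshold and both sample token sets are assumptions constructed for illustration.

```python
import hashlib
import math

def bit_columns(tokens):
    """Turn equal-length hex tokens into one 0/1 sequence per bit position."""
    width = len(tokens[0]) * 4
    values = [int(t, 16) for t in tokens]
    return [[(v >> pos) & 1 for v in values] for pos in range(width)]

def z_score(hits, trials):
    """Distance of `hits` from trials/2, in standard deviations of a fair coin."""
    return abs(2 * hits - trials) / math.sqrt(trials)

def bit_passes(column, max_lag=4, threshold=4.0):
    """Monobit (frequency) test plus serial-correlation tests at lags 1..max_lag."""
    n = len(column)
    if z_score(sum(column), n) > threshold:
        return False  # bit is constant or heavily biased
    for lag in range(1, max_lag + 1):
        differ = sum(a != b for a, b in zip(column, column[lag:]))
        if z_score(differ, n - lag) > threshold:
            return False  # bit can be predicted from an earlier token
    return True

def effective_bits(tokens):
    """Number of bit positions that look random across the whole sample."""
    return sum(bit_passes(col) for col in bit_columns(tokens))

# Constructed samples (not captured from any real application):
# weak = incrementing counter, strong = SHA-256 output standing in for a CSPRNG.
N = 2000
weak_tokens = [format(1700000000 + i, "016x") for i in range(N)]
strong_tokens = [hashlib.sha256(str(i).encode()).hexdigest()[:16] for i in range(N)]

if __name__ == "__main__":
    print("weak  :", effective_bits(weak_tokens), "of 64 bits pass")
    print("strong:", effective_bits(strong_tokens), "of 64 bits pass")
```

The low bits of the counter pass the frequency test on their own, since they are 1 exactly half the time; only the correlation test shows that each token follows from the previous one, which is why a single statistic is not enough to call a session ID unpredictable.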
##########################################################################################
Intercepting proxy tools
Paros "included in Kali; limited functionality, but the first tool to propose the idea of an intercepting proxy"
WebScarab "similar to Burp Suite"
Burp Suite
Novice Diary 34: Kali Penetration Testing, Web Penetration - Scan Tool - Burp Suite (II)