Web learning check-in

2022-07-06 20:11:00 Five five six six_ Pendulum machine 0524

Hetian network security laboratory

2022.7.5

Check-in: brute forcing with Burp

Burp Suite

Burp acts as a proxy layer between the browser and the server: requests sent by the browser are intercepted by it.

Setting the Burp Suite listening port:

In Burp: Proxy - Options. Local port 8080 is selected by default; you can add another listener with Add.

Locally: Control Panel - Network and Internet - Internet Options - Connections - LAN settings - Proxy server

Proxy - Intercept - Intercept is on, then start visiting the website. After a request is intercepted, click Forward to send the packet from the proxy on to the server; the response returned by the server is still recorded. Click Drop to discard the packet.

Comparer module: compare two packets

Right-click the packet and choose Send to Comparer, then Comparer - Words/Bytes

Repeater module: replay a request and analyze the response

Right-click the packet and choose Send to Repeater, then Repeater - Go. The server's response is shown on the right.

Intruder module: brute forcing

Right-click the packet and choose Send to Intruder. In Target, set the host address and port number to brute-force; in Positions, use Add § to mark the field to brute-force; in Payloads, set the payload type; use Load to add a dictionary.

CTF web summary: check-in two

View the raw HTTP request and response packets

F12 - Network - click on the php request

style="display:none": hidden elements

Used to hide an element; changing none to block unhides it.

● display:none --- No physical space is reserved for the hidden object; the object disappears from the page completely. Put simply, you can neither see it nor touch it.

● visibility:hidden --- The object is invisible on the web page, but the space it occupies on the page does not change. Put simply, you cannot see it but you can still feel it.

Source: display:none_harry5508's blog - CSDN Blog_display:none
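As an added example (not from the original post), this Python code lists the elements in an HTML response that are hidden through an inline style attribute, together with their text, which shows that content hidden by CSS is still delivered to the client. The sample HTML and the names find_hidden and HiddenElementFinder are constructed for illustration; it assumes well-nested HTML and inspects inline styles only, not stylesheets or scripts.

```python
import re
from html.parser import HTMLParser

# Constructed sample page (not from the original post).
SAMPLE_HTML = """
<html><body>
<h1>Login</h1>
<div id="hint" style="display:none">debug note: remove before release</div>
<p id="spacer" style="color:red; visibility: hidden">placeholder</p>
<p id="shown" style="display:block">Welcome</p>
</body></html>
"""

HIDING = re.compile(r"\b(display)\s*:\s*none|\b(visibility)\s*:\s*hidden", re.I)
VOID = {"br", "img", "input", "meta", "link", "hr"}  # tags with no end tag

class HiddenElementFinder(HTMLParser):
    """Collects elements whose inline style hides them, with their text."""
    def __init__(self):
        super().__init__()
        self.stack = []      # one entry per open element: finding dict or None
        self.findings = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        m = HIDING.search(attrs.get("style") or "")
        entry = None
        if m:
            rule = "display:none" if m.group(1) else "visibility:hidden"
            entry = {"tag": tag, "id": attrs.get("id"), "rule": rule, "text": ""}
            self.findings.append(entry)
        if tag not in VOID:
            self.stack.append(entry)

    def handle_endtag(self, tag):
        if tag not in VOID and self.stack:
            self.stack.pop()

    def handle_data(self, data):
        for entry in self.stack:   # text counts for every hidden ancestor
            if entry is not None:
                entry["text"] += data

def find_hidden(html):
    finder = HiddenElementFinder()
    finder.feed(html)
    for f in finder.findings:
        f["text"] = " ".join(f["text"].split())  # normalise whitespace
    return finder.findings

if __name__ == "__main__":
    for f in find_hidden(SAMPLE_HTML):
        print(f)
```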

Copyright notice
This article was created by [Five five six six_ Pendulum machine 0524]. Please include the original link when reposting. Thank you.
https://yzsam.com/2022/187/202207061139521178.html