Learn to punch in Web
2022-07-06 20:11:00 【Five five six six_ Pendulum machine 0524】
Hetian network security laboratory
2022.7.5
Brute forcing with Burp (check-in)
Burp Suite
Burp acts as a proxy layer between the browser and the server: requests the browser sends are intercepted before they reach the server.
Setting the Burp Suite listening port:
Burp: Proxy - Options. Local port 8080 is selected by default; click Add to add another listener.
Local machine: Control Panel - Network and Internet - Internet Options - Connections - LAN settings - Proxy server
Proxy - Intercept - "Intercept is on", then visit the website. After a request is intercepted, click Forward to send the packet from the proxy on to the server; the server's response is still recorded. Click Drop to discard the packet.
Comparer module: compares two packets
Right-click a packet and choose Send to Comparer, then Comparer - Words/Bytes
Repeater module: replays a request and analyzes the response
Right-click a packet and choose Send to Repeater, then Repeater - Go; the server's response appears on the right
Intruder module: brute forcing
Right-click a packet and choose Send to Intruder. Under Target, set the host address and port number to attack; under Positions, use Add § to mark the field to brute-force; under Payloads, set the payload type and use Load to add a dictionary
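A server-side view of the Intruder run described above, as an added example that is not part of the original post: it counts POSTs to a login endpoint per client in a sliding window over constructed access-log lines. The path /login.php, the log format, the threshold and the window are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Combined-log-style line: ip, timestamp, method, path, status (assumed format).
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

def sample_log():
    """Constructed lines: a one-per-second burst from 203.0.113.7, normal use from 198.51.100.4."""
    burst = [
        f'203.0.113.7 - - [05/Jul/2022:10:00:{s:02d} +0800] "POST /login.php HTTP/1.1" 200 512'
        for s in range(1, 9)
    ]
    normal = [
        '198.51.100.4 - - [05/Jul/2022:10:00:03 +0800] "GET /index.php HTTP/1.1" 200 2048',
        '198.51.100.4 - - [05/Jul/2022:10:00:05 +0800] "POST /login.php HTTP/1.1" 200 512',
        '198.51.100.4 - - [05/Jul/2022:10:01:30 +0800] "POST /login.php HTTP/1.1" 302 0',
    ]
    return burst + normal

def detect_bursts(lines, login_path="/login.php", threshold=5,
                  window=timedelta(seconds=10)):
    """Return {ip: peak login attempts inside `window`} for clients at or above `threshold`.

    Attempts are counted regardless of status code, because many login pages
    answer a wrong password with 200 and an error message.
    """
    recent = defaultdict(deque)  # ip -> timestamps of attempts still inside the window
    peak = defaultdict(int)      # ip -> highest window count seen so far
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST" or m["path"].split("?")[0] != login_path:
            continue  # unparsable line, or not a login attempt
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        q = recent[m["ip"]]
        q.append(ts)
        while ts - q[0] > window:  # drop attempts that fell out of the window
            q.popleft()
        peak[m["ip"]] = max(peak[m["ip"]], len(q))
    return {ip: n for ip, n in peak.items() if n >= threshold}

if __name__ == "__main__":
    print(detect_bursts(sample_log()))
```
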
CTF web summary 2 (check-in)
Viewing the raw HTTP request and response packets
F12 - Network - click the php entry
style="display:none" hides an element
It is used to hide an element; changing none to block unhides it
● display:none --- No physical space is reserved for the hidden object; the object disappears from the page completely. Put simply, you can neither see it nor touch it.
● visibility:hidden --- The object is invisible on the page, but the space it occupies on the page does not change. Put simply, you can't see it but you can still feel it.
Source: display:none, harry5508's blog, CSDN