Use of leak scanning (vulnerability scanning) tool burpsuite or burp Suite (with installation and installation package download of burpsuite+1.7.26)

Leak scanning tool Burpsuite perhaps Burp Suite Use （ attach Burpsuite+1.7.26 Installation and installation package download ）

• 1、 Introduce ：
• • Burp Suite It's for attacking web Application integration platform . It contains a lot of Burp Tools , These are different burp Tools work together , Sharing information effectively , Support attacks based on information in one tool for use by another tool . These tools design many interfaces , To facilitate the process of attacking applications . All tools share one that can handle and display HTTP news , persistence , authentication , agent , journal , A powerful and extensible framework for alerts . It's mainly used for security penetration testing , Such as scanning the potential vulnerabilities of the project .
• 2、Burpsuite Installation
• • （1） matters needing attention ： No need to install , Double click or use cmd Command line start , But the premise is that JDK. It is recommended to use cmd start-up , There will be many unpredictable errors when you double-click to start .
• • （2）x86 On the machine , Input cmd：（ It is recommended to run as an administrator ）
• • 
• • （3） adopt cmd Enter into Burp Suite Under the unzip directory of ：
• • 
• • （4） perform “java -javaagent:BurpUnlimited.jar -agentpath:lib/libfaketime64 -jar BurpUnlimited.jar”, If it is 32 Bit terminal , take 64 It is amended as follows 32;
• • 
• • The normal effect is ： On the right side Burp Suite start-up , left cmd The page will not report an error , If an error , Please customize Baidu to solve , There are probably two reasons ： No permission to read the file （ At this time, please run with the administrator cmd Can solve this problem ）; other java Error like Report ,JDK There is a problem with the version , Please uninstall completely JDK, reinstall .
• • （5） Choose a temporary project ：
• • 
• • 
• • （6） Overall page effect ：
• • 
• • For detailed functions of the page, please visit Baidu , Here's just how to use ：
• 3、Burp Suite Use ：
• • （1）：
• • 
• • （2）： Optional Protocol ：
• • 
• • （3）： Regular expression writing ： Access will be intercepted with 172.33.133.118 At the beginning , All requests at the end of any character （ Including synchronous and asynchronous ）. Port is 8081, Configure your own port number ;
• • 
• • （4）：
• • 
• • （5）：
• • 
• • （6）：
• • 
• • （7）： Correct renderings ： as follows , The default is selected .（ And it must be adjusted to the checked state before it can be used normally ）（ If you cannot select , Then the port you are binding to is being occupied by other programs , Release the port . Click again to check .） That is, your terminal cannot be a server , If your terminal uses 8081 Ports are deployed WEB project , Then you want to use your terminal Burp Suite binding 8081 Port to intercept your WEB request , That is impossible . All in all ,Burp Suite The port bound on cannot be occupied , And it needs to be connected with the port where the project is deployed on the target host （ Or the port of the server or website ） bring into correspondence with .
• • 
• • （8）： If it is https Request , Please Baidu and import CA certificate .http Please ignore this operation .
• • 
• • （9） Open the browser ： Set up browser proxy （ Take the example of Firefox ）： Port and port Burp Suite The ports on the are consistent , Agent set to 127.0.0.1, Not applicable agent needs to be empty .
• • 
• • （10） After setting up , Restart browser . Open the browser to access the target address （ You must use the browser that sets the proxy , Changing the browser requires resetting the proxy ）： The target address configured above ：172.33.133.118:8081/…, You should not be able to access （ Has been Burp Suite Intercept ）, If you can access , Please check the above steps or refer to the following operations .
• • 
• • （11）：
• • 
• • Click on Intercept is on Set its state to on , At this time, reuse the proxy browser that has been set , Access target , You can visit , And in Burp Suite Generate interceptions in ：
• • 
• • After the above steps are completed , All operations of accessing the target URL through the browser setting the proxy will be recorded ,Burp Suite Will automatically simulate your operation according to your operation to scan the target website .
• • You can view the details of each request , According to the scanned information, make vulnerability modification , It's not convenient for me to show here , If there is a problem , Please leave a message .
• • Download address ： download link ：（ Please leave a message ）
• • Extraction code ：16o0