Penetration Testing (8) -- Burp Suite Pro Official Documentation
2022-07-06 15:55:00 【Catch the king before the thief】
Burp Suite official website: https://portswigger.net/burp
Official documentation: https://portswigger.net/burp/documentation/desktop
Complete documentation: https://portswigger.net/burp/documentation/contents
Burp Suite Practical Study: https://t0data.gitbooks.io/burpsuite/content/
1. Installation
Burp Suite is an integrated platform for attacking web applications. It is powerful and a go-to tool for penetration testing.
- Burp Suite installation and localization: https://www.cnblogs.com/w1304099880/p/15031242.html
- Java environment: https://repo.huaweicloud.com/java/jdk/
- Address: https://github.com/h3110w0r1d-y/BurpLoaderKeygen/releases
Java installation and environment configuration
1. Download the Java installer.
2. Double-click the downloaded file and select the installation path (D:\Program Files\Java).
3. Configure the environment variables for the JDK:
- Add the system environment variable JAVA_HOME: D:\Program Files\Java\jdk-11.0.12
- Add to Path: ;%JAVA_HOME%\bin;
4. Verify that the installation succeeded: press Win + R, run cmd, then enter java -version
Java 8 requires a classpath to be configured; Java 11 does not.
Install Burp Pro
Double-click the downloaded exe and select the installation path (D:\BurpSuitePro).
1. Move the downloaded tool to the Burp installation path.
2. Double-click BurpLoaderKeygen.jar and click Run; Burp starts.
3. Copy the License content from BurpLoaderKeygen.jar into the window that appears, then click Next.
4. Click Next, then click Manual Activation.
5. Choose Copy request and paste it into Activation Request; an Activation Response value is returned.
6. Copy the Activation Response value into Burp and click Next.
7. Success.
Burp Suite Pro Chinese localization
The loader, keygen and Chinese localization are three in one, with support for detecting Burp updates and starting Burp automatically.
Some of the Chinese translations are not quite right, so the Chinese localization is not recommended.
2. Official documentation
2.1 Introduction to Burp Suite
- Step 1: Download and install
- Step 2: Intercept HTTP traffic with Burp Proxy
- Step 3: Modify requests with Burp Proxy
- Step 4: Reissue requests with Burp Repeater
- Step 5: Run your first scan [Pro only]
- Step 6: What next?
2.2 Understanding Burp Suite
- Burp Proxy
- Burp Repeater
- Burp Intruder
- Burp Collaborator client [Pro only]
- Burp Scanner [Pro only]
- View all Burp's tools
2.3 Burp tutorials
- Intercepting HTTP requests and responses
- Augmenting manual testing using Burp Scanner
- Resending individual requests with Burp Repeater
- Scanning a website for vulnerabilities
- Using live tasks in Burp Suite
- Using Burp Suite projects
- Using Burp Suite project options
- Touring the Burp Suite user interface
- Using Burp Proxy's interception rules
- Using target scope in Burp Suite
- Testing WebSockets with Burp Suite
- Reducing noise during manual testing
- Brute forcing a login with Burp Intruder
- Enumerating subdomains with Burp Intruder
- Viewing requests sent by Burp extensions using Logger
- Testing for reflected XSS using Burp Repeater
- Spoofing your IP address using Burp Proxy match and replace
- Credential stuffing using Burp Intruder
- Testing for asynchronous vulnerabilities using Burp Collaborator
2.4 How do I
- Set the scope
- Save my work [Pro only]
- Search [Pro only]
- Work with custom configurations
- Schedule tasks
- Compare site maps
- Use content discovery
- Test mobile applications
- Test WebSockets
- Test a website using HTTP/2
2.5 Useful features
- Message editor
- Inspector
- Burp's browser
- Burp Collaborator client [Pro only]
- URL matching rules
- CSRF PoC generator
- View all useful functions
2.6 Burp extensions
- View all extensions
- Create custom extensions
2.7 Options and preferences
Burp Suite options - PortSwigger
2.8 Training and practice
Burp Suite Training - PortSwigger
2.9 Troubleshooting
Troubleshooting common errors within Burp Suite - PortSwigger
3. Recommended Burp Suite plugins
From: https://blog.csdn.net/qq_28205153/article/details/113829654
Burp Suite is the most powerful web penetration testing tool, bar none! It is also the tool used most often in day-to-day work. It has some powerful plugins that can cut a lot of the workload and help exploit vulnerabilities more effectively. Today I'm sharing some of the Burp plugins I use most.
Autorize --- A powerful tool for automated privilege escalation (broken access control) testing
If you are testing for privilege escalation and still manually copy URLs into another browser logged in with a low-privilege account, you are out of date! Autorize is a plugin for testing authorization problems. You set a low-privilege account's cookie in the plugin, then browse all the functionality with a high-privilege account. Autorize automatically replays each request with the low-privilege account's cookie, and it also sends one request without any cookie to test whether the resource can be accessed without logging in.
The plugin can be installed directly from the BApp Store.
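The replay-and-compare check described above for Autorize, reduced to its core logic as an added example (not code from the plugin or from the original post). The toy `app` handler, its routes and the session values are constructed for illustration, and the `bypassed`/`enforced` labels are this example's own.

```python
# Constructed sample app: sessions and routes are made up for this example.
SESSIONS = {"sess-admin": "admin", "sess-user": "user"}

def app(path, cookie=None):
    """Toy request handler returning (status, body)."""
    role = SESSIONS.get(cookie)
    if path == "/admin/users":        # correct: checks the role
        if role is None:
            return 401, "login required"
        if role != "admin":
            return 403, "forbidden"
        return 200, "alice,bob,carol"
    if path == "/admin/export":       # flaw: only checks that a session exists
        if role is None:
            return 401, "login required"
        return 200, "id,email\n1,alice@example.test"
    if path == "/health":             # no check at all
        return 200, "ok"
    return 404, "not found"

def replay(path, high_cookie, low_cookie):
    """Replay a request first seen with the high-privilege session twice more:
    once with the low-privilege cookie and once with no cookie, then compare
    each response with the high-privilege baseline."""
    baseline = app(path, high_cookie)
    results = {}
    for label, cookie in (("low_privilege", low_cookie), ("no_cookie", None)):
        response = app(path, cookie)
        # Same status and body as the privileged response: control not applied.
        results[label] = "bypassed" if response == baseline else "enforced"
    return results

def audit(paths, high_cookie, low_cookie):
    """Run the replay check over every path browsed with the privileged account."""
    return {path: replay(path, high_cookie, low_cookie) for path in paths}

if __name__ == "__main__":
    report = audit(["/admin/users", "/admin/export", "/health"],
                   "sess-admin", "sess-user")
    for path, verdict in report.items():
        print(path, verdict)
```

The `/health` result comes back `bypassed` for both replays, which shows why each finding needs review: an identical response can simply mean the endpoint is intentionally public.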
Turbo Intruder --- Send a large number of requests in a short time
If you still use Burp's Intruder to brute force passwords, test concurrency or brute force directories, you are out of date!
Turbo Intruder is an enhanced Intruder. It can send a large number of HTTP requests; the actual speed depends on your network, but even on a poor public network it can send hundreds of requests per second.
With Turbo Intruder we can run through a million-entry password dictionary or directory dictionary in a few minutes, and we can also send dozens of concurrent requests in an instant to test for concurrency vulnerabilities.
The plugin can be installed directly from the BApp Store.
Add a %s at the position where the payload should be inserted, then add a custom processing script in the window below to start the attack.
Software Vulnerability Scanner --- Automatically find CVEs by version number
A scanner enhancement plugin. It checks the software version information exposed by the website, then queries the vulners.com vulnerability database for the corresponding CVE numbers. The results are shown in the vulnerability panel, so we don't need to look up the CVEs for a given version ourselves.
The plugin can be installed directly from the BApp Store.
Scan Check Builder --- Custom scan payloads
Scan Check Builder is Burp Bounty. It provides a very simple way to add custom scan payloads to Burp. This lets us add payloads for vulnerabilities that Burp does not cover and generate the corresponding scan results.
The plugin can be installed directly from the BApp Store.
Logger++ --- A more powerful request history viewer
Logger++ can show the requests sent by all tools, such as Repeater, Intruder, Scanner and plugins. This lets us see the payloads used during scanning and monitor how the website's backend responds while a scan is running.
The plugin can be installed directly from the BApp Store.
Brida --- Connect Frida and Burp Suite
Brida is a plugin I like very much. It connects Frida and Burp Suite. Frida, the go-to hooking tool, plays a very important role in penetration testing mobile apps, for example bypassing SSL pinning and automatically encrypting and decrypting an app's request content. We can put commonly used Frida scripts into Brida's script and then launch the app through Brida to test it. I may write an article later on how to use Brida.
The plugin can be installed directly from the BApp Store.
J2EEScan --- A powerful J2EE backend scanning plugin
J2EEScan is a scanner enhancement plugin. It can scan for J2EE vulnerabilities, such as those in WebLogic, Struts2 and JBoss. The only drawback is that updates have stopped, so it only has the vulnerabilities of 17.
The plugin can be installed directly from the BApp Store.
sqlmap4burp++ --- Connect Burp Suite and sqlmap
sqlmap4burp++ is a plugin that links Burp and sqlmap and works on Windows, macOS and Linux. It makes it convenient to call sqlmap to run a scan.
The plugin address is: https://github.com/c0ny1/sqlmap4burp-plus-plus
Knife --- A toolbox with custom payloads
The main purpose of Knife is to make some small improvements to Burp so that it is more convenient to use. I particularly like the dismiss and hackbar++ functions. Dismiss conveniently tells Burp not to intercept requests for a given domain name, and hackbar++ comes with many payloads that can be inserted in Repeater; you can also add your own custom payloads.
The plugin address is: https://github.com/bit4woo/knife
CSRF Token Tracker --- Bypass CSRF restrictions
CSRF Token Tracker can automatically obtain the CSRF token. For requests protected by a CSRF restriction it can bypass that restriction, for example when brute forcing a login request that carries a CSRF token.
The plugin can be installed directly from the BApp Store.
JSON Beautifier --- Formatted JSON view
Formats JSON data. Very handy when viewing JSON requests.
The plugin can be installed directly from the BApp Store.
Decompressor --- Automatically decode and modify gzip-compressed data
Decompressor can automatically decode and modify request data compressed with gzip. Sometimes a website sends data compressed with gzip, so the request we see in Burp is garbled and the request data cannot be modified. Decompressor automatically decodes the data for viewing, lets us modify it in uncompressed form, and then compresses it again automatically.
The plugin can be installed directly from the BApp Store.
Wsdler --- Test WSDL requests
Wsdler can parse WSDL requests so that they can be tested with Repeater and Scanner.
The plugin can be installed directly from the BApp Store.