I had long heard of Burp Suite's reputation; having finally seen it for myself recently, I feel honored.

Problem:
How do you fix garbled Chinese text in Burp Suite?

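The problem shown in the figure below is not an encoding problem but a font display problem. So the fix is simple: change the display font (although the Hei (黑体) typeface really is ugly). Burp Suite's default font is Courier New; changing it to a font that supports Chinese characters is all that is needed.
Courier: in Chinese the word means a courier; it can be understood as a messenger, or translated as "delivery guy".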


The font can be changed in the HTTP message display settings.

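Burp Suite

Meeting you for the first time feels like the return of an old friend.
I had long heard of Burp Suite; having recently seen the real thing, it is indeed extraordinary.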

Burp Suite is a comprehensive suite of tools for web application security testing.

Burp Suite Professional vs Burp Suite Community Edition

Burp Suite, still half hiding its face behind the pipa

Who knows what got into Burp Suite Professional: without entering a license key, it is completely unusable.


Intercept HTTP traffic with Burp Proxy

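The proxying features of Burp Proxy are basically similar to those of Charles and Fiddler, with nothing particularly special about them. The principle is essentially the same; the difference probably lies in the technique.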

Step 2: Intercept a request
Step 3: Forward the request
Step 4: Switch off interception
Step 5: View the HTTP history

Modifying HTTP requests with Burp Proxy

manipulate HTTP traffic

Set the target scope

In this tutorial, you’ll learn how to set the target scope for your work in Burp Suite. The target scope tells Burp exactly which URLs and hosts you want to test. This enables you to filter out the noise generated by your browser and other sites, so you can focus on the traffic that you’re interested in.

Go to Target > Site map.
add to scope

In HTTP history, select Show only in-scope items.

Reissue requests with Burp Repeater

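That said, I am skeptical about the naming of Burp Repeater: Repeater actually cannot replay a request multiple times???? You have to send it to Intruder instead?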

In this part, you’ll use Burp Repeater to send an interesting request over and over again. This lets you study the target website’s response to different input without having to intercept the request each time. This makes it much simpler to probe for vulnerabilities, or confirm ones that were identified by Burp Scanner.

The most common way of using Burp Repeater is to send it a request from another of Burp’s tools. In this example, we’ll send a request from the HTTP history in Burp Proxy.

run your first scan?

Scanning a website involves two phases:

WARNING: or NOTE
Burp Scanner is only available in Burp Suite Professional and Burp Suite Enterprise Edition.

Generating a report

In this section, you’ll learn how to generate a report in HTML format, based on your scan results.

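This part is very important: if you want to persuade your management to purchase Burp Suite, you first need to produce some results with Burp Suite, and the report here can serve as a reference.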


posted @ 2023-11-26 10:21  叶常落