burpsuite的大名早有耳闻,近日得见尊荣,倍感荣幸
问题:
burpsuite中文乱码何解?
如下图所示的问题,不是编码的问题,而是字体显示的问题。所以解决方法很简单,修改显示的字体就好了(但是黑体也太太丑了)。burpsuite默认字体:Courier New,将这个字体改为支持中文显示的字体就好了。
Courier :中文快递员的意思,可以理解为信使,也可以翻译成为快递小哥。
可以通过HTTP message display进行设置修改。
burpsuite
与君初相识,犹如故人归。
burpsuite早有耳闻,近日得见真容,果然非同凡响。
Burp Suite is a comprehensive suite of tools for web application security testing.
burp suite professional vs burp suite community edition
burpsuite犹抱琵琶半遮面
鬼知道burpsuite professional抽了什么风,不输入lecense key的情况下,完全用不了。
Intercept HTTP traffic with Burp Proxy
burp proxy代理这一块的功能和charles,fiddler基本类似,没有什么特别之处。道基本一样,差别可能就是在术上。
Step 2: Intercept a request
Step 3: Forward the request
Step 4: Switch off interception
Step 5: View the HTTP history
Modifying HTTP requests with Burp Proxy
manipulate HTTP traffic
Set the target scope
In this tutorial, you’ll learn how to set the target scope for your work in Burp Suite. The target scope tells Burp exactly which URLs and hosts you want to test. This enables you to filter out the noise generated by your browser and other sites, so you can focus on the traffic that you’re interested in.
Go to Target > Site map.
add to scope
http history中show only in-scope items
Reissue requests with Burp Repeater
不过我对burp repeater的命名持怀疑态度,repeater竟然不能多次重放????非得放到intruder中?
In this part, you’ll use Burp Repeater to send an interesting request over and over again. This lets you study the target website’s response to different input without having to intercept the request each time. This makes it much simpler to probe for vulnerabilities, or confirm ones that were identified by Burp Scanner.
The most common way of using Burp Repeater is to send it a request from another of Burp’s tools. In this example, we’ll send a request from the HTTP history in Burp Proxy.
run your first scan?
Scanning a website involves two phases:
WARNING: or NOTE
Burp Scanner is only available in Burp Suite Professional and Burp Suite Enterprise Edition.
Generating a report
In this section, you’ll learn how to generate a report in HTML format, based on your scan results.
这块非常的重要,因为如果你想说服领导采购burpsuite,那么首先要用burpsuite跑出一些结果来,这里的report可供参考。