【BurpSuite】01 工具安装和抓包(win10)
简述:
1、BurpSuite是一个辅助渗透的工具,集合了多种渗透测试组件,帮助测试人员自动化或手工完成对web应用的渗透测试和攻击。
2、简单地说,BurpSuite用来抓包改包、密码爆破、自动化漏洞探测、编码解码、被动扫描等等等
一、burpsuite 工具安装
1、下载:https://portswigger.net/burp/communitydownload
![【BurpSuite】01 工具安装和抓包(win10) 【BurpSuite】01 工具安装和抓包(win10)](/default/index/img?u=aHR0cHM6Ly93d3cuaWNvZGU5LmNvbS9pL2wvP249MjAmaT1ibG9nLzE1Mzc2MzAvMjAyMTAzLzE1Mzc2MzAtMjAyMTAzMTcxNTIwMzUyNTMtMzQyNjQ5NDQ0LnBuZw==)
备注:选择对应版本Windows、mac、linux
![【BurpSuite】01 工具安装和抓包(win10) 【BurpSuite】01 工具安装和抓包(win10)](/default/index/img?u=)
2、安装:一直next,中间可自定义安装目录
3、打开:
![【BurpSuite】01 工具安装和抓包(win10) 【BurpSuite】01 工具安装和抓包(win10)](/default/index/img?u=aHR0cHM6Ly93d3cuaWNvZGU5LmNvbS9pL2wvP249MjAmaT1ibG9nLzE1Mzc2MzAvMjAyMTAzLzE1Mzc2MzAtMjAyMTAzMTcxNTIxMDExMTctMTQ2MDQ2MjMwNC5wbmc=)
![【BurpSuite】01 工具安装和抓包(win10) 【BurpSuite】01 工具安装和抓包(win10)](/default/index/img?u=aHR0cHM6Ly93d3cuaWNvZGU5LmNvbS9pL2wvP249MjAmaT1ibG9nLzE1Mzc2MzAvMjAyMTAzLzE1Mzc2MzAtMjAyMTAzMTcxNTIxMTI2MTYtOTI5ODYyNzM1LnBuZw==)
二、burpsuite 抓包
1、设置浏览器代理:设置->高级->系统->“打开您计算机的代理设置”->手动设置代理
(1)chrome 浏览器代理设置
![【BurpSuite】01 工具安装和抓包(win10) 【BurpSuite】01 工具安装和抓包(win10)](/default/index/img?u=aHR0cHM6Ly93d3cuaWNvZGU5LmNvbS9pL2wvP249MjAmaT1ibG9nLzE1Mzc2MzAvMjAyMTAzLzE1Mzc2MzAtMjAyMTAzMTcxNTIxMjQxMTEtMTM4MzQ3MzgxLnBuZw==)
![【BurpSuite】01 工具安装和抓包(win10) 【BurpSuite】01 工具安装和抓包(win10)](/default/index/img?u=aHR0cHM6Ly93d3cuaWNvZGU5LmNvbS9pL2wvP249MjAmaT1ibG9nLzE1Mzc2MzAvMjAyMTAzLzE1Mzc2MzAtMjAyMTAzMTcxNTIxNDI4MzYtMTg0Mjk3ODE2LnBuZw==)
(2)Firefox 浏览器代理设置
![【BurpSuite】01 工具安装和抓包(win10) 【BurpSuite】01 工具安装和抓包(win10)](/default/index/img?u=aHR0cHM6Ly93d3cuaWNvZGU5LmNvbS9pL2wvP249MjAmaT1ibG9nLzE1Mzc2MzAvMjAyMTAzLzE1Mzc2MzAtMjAyMTAzMTcxNTIyMDMzNjktMTEwODgwOTE5NS5wbmc=)
![【BurpSuite】01 工具安装和抓包(win10) 【BurpSuite】01 工具安装和抓包(win10)](/default/index/img?u=aHR0cHM6Ly93d3cuaWNvZGU5LmNvbS9pL2wvP249MjAmaT1ibG9nLzE1Mzc2MzAvMjAyMTAzLzE1Mzc2MzAtMjAyMTAzMTcxNTIyMTM4MDctODk3NzUyNjAucG5n)
2、设置 burpsuite 代理,使得双方通信(一般 burpsuite 默认添加 8080 端口代理)
![【BurpSuite】01 工具安装和抓包(win10) 【BurpSuite】01 工具安装和抓包(win10)](/default/index/img?u=aHR0cHM6Ly93d3cuaWNvZGU5LmNvbS9pL2wvP249MjAmaT1ibG9nLzE1Mzc2MzAvMjAyMTAzLzE1Mzc2MzAtMjAyMTAzMTcxNTIyMjc1MTAtMTAyMzk5NjY4My5wbmc=)
3、开始第一次抓包,以登录接口为例
(1)打开目标网站,输入用户名密码
![【BurpSuite】01 工具安装和抓包(win10) 【BurpSuite】01 工具安装和抓包(win10)](/default/index/img?u=aHR0cHM6Ly93d3cuaWNvZGU5LmNvbS9pL2wvP249MjAmaT1ibG9nLzE1Mzc2MzAvMjAyMTAzLzE1Mzc2MzAtMjAyMTAzMTcxNTIyMzk3MjMtMTk5NjM2NDkwOS5wbmc=)
(2)burpsuite 点击抓包按钮,“Intercept is off” 更新为“Intercept is on”
![【BurpSuite】01 工具安装和抓包(win10) 【BurpSuite】01 工具安装和抓包(win10)](/default/index/img?u=aHR0cHM6Ly93d3cuaWNvZGU5LmNvbS9pL2wvP249MjAmaT1ibG9nLzE1Mzc2MzAvMjAyMTAzLzE1Mzc2MzAtMjAyMTAzMTcxNTIyNDkyNDMtMTQxNzQ2MjY4Ny5wbmc=)
(3)目标登录页,点击 Login 按钮:burpsuite 抓包成功,即拦截成功,目标网站一直加载中
![【BurpSuite】01 工具安装和抓包(win10) 【BurpSuite】01 工具安装和抓包(win10)](/default/index/img?u=aHR0cHM6Ly93d3cuaWNvZGU5LmNvbS9pL2wvP249MjAmaT1ibG9nLzE1Mzc2MzAvMjAyMTAzLzE1Mzc2MzAtMjAyMTAzMTcxNTIzMzA5NTEtMTAzNTI1MzczMi5wbmc=)