Burpsuite: 6. Burpsuite Repeater, the repeating gun

Table of contents

  • Send to Repeater
  • Change request method
  • Change body encoding
  • Copy as curl command
  • Repeater menu
    • Engagement tools-generate csrf PoC
    • Follow redirections
    • Process cookies in redirections

Send to Repeater

In the figure below: clicking Go sends the request to the server.

Change request method

Here a POST is changed to a GET.

Change body encoding

Below is the result after the change.
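
The two rewrites described above (POST changed to GET, and the body re-encoded from urlencoded to multipart/form-data) are shown here on a raw request. This is an added example, not code from the original post and not Burp's own implementation; the function names, the boundary string and the sample request are assumptions constructed for illustration.

```python
from urllib.parse import parse_qsl

def _split(raw):
    """Split a raw HTTP/1.1 request into request line, header list and body."""
    head, _, body = raw.partition("\r\n\r\n")
    request_line, *headers = head.split("\r\n")
    return request_line, headers, body

def _drop(headers, *names):
    """Return the headers without the named ones (case-insensitive match)."""
    lowered = tuple(n.lower() for n in names)
    return [h for h in headers if h.split(":", 1)[0].strip().lower() not in lowered]

def post_to_get(raw):
    """POST with a urlencoded body -> GET with the same parameters in the query string."""
    request_line, headers, body = _split(raw)
    method, target, version = request_line.split(" ", 2)
    if method != "POST":
        raise ValueError("expected a POST request")
    if body:
        target += ("&" if "?" in target else "?") + body
    # A GET carries no body, so the body-describing headers must go too.
    headers = _drop(headers, "Content-Type", "Content-Length")
    return "\r\n".join([f"GET {target} {version}", *headers]) + "\r\n\r\n"

def urlencoded_to_multipart(raw, boundary="----ExampleBoundary"):
    """Re-encode a urlencoded body as multipart/form-data and fix the headers."""
    request_line, headers, body = _split(raw)
    parts = []
    for name, value in parse_qsl(body, keep_blank_values=True):
        parts.append(f"--{boundary}\r\n"
                     f'Content-Disposition: form-data; name="{name}"\r\n\r\n{value}\r\n')
    new_body = "".join(parts) + f"--{boundary}--\r\n"
    headers = _drop(headers, "Content-Type", "Content-Length")
    headers += [f"Content-Type: multipart/form-data; boundary={boundary}",
                f"Content-Length: {len(new_body.encode())}"]
    return "\r\n".join([request_line, *headers]) + "\r\n\r\n" + new_body

# Constructed sample request (not taken from the page's screenshots).
SAMPLE = ("POST /profile HTTP/1.1\r\n"
          "Host: app.example\r\n"
          "Content-Type: application/x-www-form-urlencoded\r\n"
          "Content-Length: 24\r\n"
          "\r\n"
          "name=alice&city=New+York")

if __name__ == "__main__":
    print(post_to_get(SAMPLE))
    print(urlencoded_to_multipart(SAMPLE))
```

Note that the multipart form carries decoded values (`New York`), while the query string keeps the urlencoded form (`New+York`); a server-side parser has to treat both as the same parameter value.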

Copy as curl command

The figure below shows the curl command for accessing the target server.

Below, what follows the arrow is the server's response.

Repeater menu

Engagement tools-generate csrf PoC

When we suspect that a page has a CSRF vulnerability, we can generate CSRF PoC code, save the generated file, and double-click the file to access the server.

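In the figure above, clicking it accesses the page. We send the file containing the saved code to the victim to click; once they click it, the password is changed.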

Follow redirections

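In the figure below, the default selection is not to follow redirections: when the page wants to redirect, the page we are viewing does not change; otherwise Repeater follows through to the redirected page.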

Process cookies in redirections
