The use of BurpSuite tools for safety testing and learning

BurpSuite Introduction:
BurpSuite is an integrated penetration testing tool with many penetration testing components. It can implement interception requests, packet capture, etc. but is more powerful than fiddler and postman. Burp Suite is a software that does not need to be installed. After the download is complete, you can enable it directly from the command line. However, Burp Suite is developed in the Java language, and the runtime depends on the JRE, which requires a Java runtime environment in advance.


The tool download package can be downloaded online.
Double-click the burp-loader-xxyyzz.jar file to run the following figure, and then click the buttons in the red box in turn.

Insert picture description here
Insert picture description here
Insert picture description here
Insert picture description here

You can enter the tool interface.

Insert picture description here

Second, set the browser proxy, configure the Burp listening port
2.1 Browser proxy configuration Take Chrome browser as an example, open Settings / Advanced / System / Proxy settings, as shown in the figure:

Insert picture description here

Perform the following configuration:

Insert picture description here

2.2 Configure Burp Listening Port

Insert picture description here

Third, after the proxy is configured for the replay attack, Burp Suite will intercept the interaction between the client and the server:

Insert picture description here

intercept is on is the interception state and its corresponding intercept is off is the non-intercepting state. After the proxy is set, the tool will turn on the interception state by default. Requests initiated by the browser will be intercepted by burstsuite.
forward: The request is intercepted. Click forward to continue the request. If you click drop, the request data is discarded.
The recommended setting is intercept is off. The request to be tested is found in the HTTP history for analysis. Take the login request as an example, you can view the response of the request and the server.

Insert picture description here

Right-click and select Send to Repeater

Insert picture description here

After entering the Repeater interface, you can modify the parameters of the data packet here to perform request and response message verification analysis. Change the login name to wxxtest here, and click the button Go to get the requested response.

Insert picture description here

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: