Basics of Penetration Testing-How to Use Burpsuite Modules
- Proxy module: packet capture
1. First enable intercept is on under intercept to capture packets
2. Open the proxy server, you can display the data packets captured by browsing the webpage here
Click forward to release the intercepted packets and let the data pass.
- Repeater module: Store the request response and change the content of the captured request message multiple times
- After capturing the packet, click Action and select send to repeater
2. Select Proxy, you can view the packets captured many times at 1 …. Here, select 1 just captured, click go, the content of the captured packet will appear under the response on the right, you can directly Modify the data in this interface, you can modify the web interface
- Intruder Module: Intrusion Tool
- Here is an example of a password verification packet
The PHP code is as follows:
Manually simulate GET parameters:
Then capture the packet, click Action after capturing the packet, and select send to Intruder:
2. Then select Positions under intruder, first click clear to clear, select add in the place where you want to test to select the mark.
3. Select Payloads, click load to add scan dictionary, and then click Start attack to invade
4. See 123123 password test successfully
- spider module
- Browse the interface, click Target, view the required data, right-click and select add to scope, click yes
2. Select options under spider, then fill in the user and password of the website under
3. Click on the control under spider and click on the button below to start crawling
4. You can see the crawled data at Target
- scanner module: scan
1. Click Scanner and select the option below to enable the scan function
2. Select a directory under target and select the option below to scan
3. In the following options, you can view the scan results, and in the issue activity, you can view the details of the scan results.
- decoder module: encoding and decoding
1. Enter a text under decoder, click decode on the right to decode, and encode to encode
Seven: comparator module, comparison module comparator
- Grab the two packets, view the content at the repeatar, and copy the content to the comparator (paste copy).
2. Click on words to compare the contents of the two packages