This admin backend can identify who logs in

First, the tools used in the experiment:

    Sword: link: https://pan.baidu.com/s/1HNwGUJec-dwVrRr33IWMXw extraction code: 64pv

    Burp Suite: link: https://pan.baidu.com/s/1W04QkcCRmlIlTLz2R9yIkg extraction code: i9xv

Second, analysis

1. Hint from the title: the second experiment used a fake admin backend, so you should first find the real admin backend.

According to the challenge statement, there may be trouble at login time.

Third, steps

1. Use the Sword scanner to look for the login entry; it quickly finds the login URL /admin/123 that the challenge statement refers to:

 

2. Enter the login password:

 

 Analyzing the code above shows that, to log in and reach the flag page, the request's Host and Referer must both be set to the website itself. At this point, use the Burp Suite packet capture tool to analyze the request and modify Host and Referer so that they carry the same address:

 

 Note: make the change before the GET /admin123/sysadmin_view.asp request is sent. Capture the packet once more, change the Host and the Referer in it to the same address (the port number can be omitted; it has no effect), then forward it, and the flag appears on the main screen.

 

 Be sure to note: clear the browser cache each time you log in; otherwise, after logging in, the screen still displays the previous login page.
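Why the header edit in step 2 is enough, as an added example (not the lab's code, which this page does not show): Host and Referer are both chosen by the client, so a gate built on them is not authentication. The sketch assumes the lab's check compares the two hostnames; `weak_gate`, `hardened_gate`, `issue_session` and the hostnames are hypothetical.

```python
import hashlib
import hmac
import secrets
from urllib.parse import urlsplit

SERVER_KEY = secrets.token_bytes(32)  # stays on the server, never sent to clients


def weak_gate(headers):
    """Assumed form of the lab's check: allow when Host and Referer name the same host."""
    host = urlsplit("//" + headers.get("Host", "")).hostname
    referer = urlsplit(headers.get("Referer", "")).hostname
    return host is not None and host == referer


def _sign(user):
    return hmac.new(SERVER_KEY, user.encode(), hashlib.sha256).hexdigest()


def issue_session(user):
    """Called only after the password has been verified server-side."""
    return f"session={user}.{_sign(user)}"


def hardened_gate(headers):
    """Allow only a cookie whose signature was produced with SERVER_KEY."""
    value = headers.get("Cookie", "").removeprefix("session=")
    user, _, sig = value.rpartition(".")
    return bool(user) and hmac.compare_digest(sig.encode(), _sign(user).encode())


# Constructed sample requests (hostnames are placeholders, not the lab's).
EDITED = {"Host": "site.example", "Referer": "http://site.example:8080/"}
LOGGED_IN = {"Host": "site.example", "Referer": "http://other.example/",
             "Cookie": issue_session("admin")}
GUESSED = {"Host": "site.example", "Cookie": "session=admin." + "0" * 64}

if __name__ == "__main__":
    for name, req in [("edited", EDITED), ("logged_in", LOGGED_IN), ("guessed", GUESSED)]:
        print(f"{name:10} weak={weak_gate(req)!s:5} hardened={hardened_gate(req)}")
```

A production session would also carry an expiry and map to a server-side record; the point here is only that the deciding value is one the client cannot produce on its own.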

 


Origin www.cnblogs.com/Shepherd-boy/p/12664066.html