To solve a XSS security issue, first use BurpSuite, record it to download and install process is configured to use, hoping to help the first time you use the tool of friends.
First, download and install
Direct Baidu download cracked version, my version is under burpsuite_pro_v2.1. Used directly after decompression, ha ha, no surprise surprise?
Second, the configuration
Open the "Network and Internet Configuration" to open the proxy settings, the proxy settings to the same proxy and burpsuite configuration, such as the default monitor 127.0.0.1, port 8080.
Third, the use
Note that if you want to block local service requests, pay attention to the configuration of the port should not duplicate proxy. For example, local service configured port number is 8080, that burpsuite configured proxy port can be 8081.
Also note that, after the local service is started, when accessing services ip with local IPv4 address, do not use 127.0.0.1, or it may not intercept.
Use this simple tool: you can configure the address you need to intercept the target, and then check mark will only intercept requests this address, this quite useful, want to block a request, you can tick before the request,
After the request to cancel the hook, so to avoid interception has been carried out and the need to put packages and other operations, to achieve precision strike.
