{"id":496,"date":"2020-08-12T04:40:45","date_gmt":"2020-08-11T20:40:45","guid":{"rendered":"https:\/\/byy3.com\/?p=496"},"modified":"2020-08-12T04:40:45","modified_gmt":"2020-08-11T20:40:45","slug":"tryhackme-rp%ef%bc%9aburp-suite","status":"publish","type":"post","link":"https:\/\/byy3.com\/?p=496","title":{"rendered":"tryhackme–RP\uff1aBurp Suite"},"content":{"rendered":"
\n
\n
\n
\n

tryhackme\uff0cRP\uff1aBurp Suite<\/span><\/h1>\n
\n
\n
\n
\"tryhackme–RP\uff1aBurp<\/a><\/div>\n
\n
\n
<\/div>\n<\/div>\n
<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n
\n
\n
\n
\n
\n
\"tryhackme–RP\uff1aBurp<\/div>\n

\"tryhackme–RP\uff1aBurp<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/figure>\n<\/div>\n<\/div>\n<\/section>\n

\n
\n
\n
\n

\u76ee\u5f55<\/span><\/h1>\n
    \n
  1. \u5148\u51b3\u6761\u4ef6<\/span><\/li>\n
  2. \u4ecb\u7ecd<\/span><\/li>\n
  3. \u5b89\u88c5<\/span><\/li>\n
  4. Gettin'[CA]\u8ba4\u8bc1<\/span><\/li>\n
  5. \u529f\u80fd\u6982\u8ff0<\/span><\/li>\n
  6. \u53c2\u4e0e\u9ed1\u6697\u6a21\u5f0f<\/span><\/li>\n
  7. \u4ee3\u7406<\/span><\/li>\n
  8. \u76ee\u6807\u5b9a\u4e49<\/span><\/li>\n
  9. \u5c06\u6240\u6709\u5185\u5bb9\u91cd\u590d\u653e\u7f6e[er]<\/span><\/li>\n
  10. \u6551\u547d\uff01\u6709\u4e00\u4e2a\u5165\u4fb5\u8005\uff01<\/span><\/li>\n
  11. \u4e8b\u5b9e\u8bc1\u660e\uff0c\u8fd9\u4e9b\u673a\u5668\u6bd4\u6211\u4eec\u7684\u6570\u5b66\u80fd\u529b\u66f4\u597d\u3002<\/span><\/li>\n
  12. \u89e3\u7801\u5668\u548c\u6bd4\u8f83\u5668<\/span><\/li>\n
  13. \u5b89\u88c5\u4e00\u4e9bMod [Extender]<\/span><\/li>\n
  14. \u4f46\u662f\uff0c\u7b49\u7b49\uff0c\u8fd8\u6709\u66f4\u591a\uff01<\/span><\/li>\n
  15. \u989d\u5916\u4fe1\u7528<\/span><\/li>\n
  16. \u7ed3\u8bba<\/span><\/li>\n<\/ol>\n<\/div>\n<\/div>\n<\/section>\n
    \n
    \n
    \n
    \n

    \u5148\u51b3\u6761\u4ef6<\/span><\/h1>\n

    \u5728\u5c1d\u8bd5\u8be5\u4f1a\u8bae\u5ba4\u4e4b\u524d\uff0c\u6211\u5f3a\u70c8\u5efa\u8bae\u60a8\u67e5\u770b<\/span><\/em>NinjaJc01<\/em>\u7684\u201c\u00a0<\/em><\/span>Web\u57fa\u7840\u77e5\u8bc6<\/span><\/em>\u00a0\u201d\u4f1a\u8bae\u5ba4<\/span><\/em>\u3002<\/em>\u5982\u679c\u60a8\u719f\u6089\u57fa\u672c\u7684Web\u8bf7\u6c42\u7ed3\u6784\u548cSQL\u6ce8\u5165\uff0c\u90a3\u4e48\u60a8\u5df2\u7ecf\u8bbe\u7f6e\u597d\u4e86\uff01<\/em><\/span><\/p>\n<\/div>\n<\/div>\n<\/section>\n

    \n
    \n
    \n
    \n

    \u4ecb\u7ecd<\/span><\/h1>\n

    \u4eca\u5929\u6211\u4eec\u5c06\u8981\u5c1d\u8bd5\u5b8c\u6210\u5728\u7ea2\u5e95\u6f06\u6253\u55dd\u5957\u623f<\/span>\u00a0-\u5982\u679c\u4f60\u60f3\u5c1d\u8bd5\u7684\u94fe\u63a5\u53ef\u4ee5\u5728\u8fd9\u91cc\u627e\u5230\uff1a<\/span>https:\/\/tryhackme.com\/room\/rpburpsuite<\/span><\/a><\/p>\n

    Burp Suite\u662fWeb\u5e94\u7528\u7a0b\u5e8f\u6e17\u900f\u6d4b\u8bd5\u5de5\u5177\u7684\u6846\u67b6\uff0c\u88ab\u5e7f\u6cdb\u8ba4\u4e3a\u662f\u6267\u884cWeb\u5e94\u7528\u7a0b\u5e8f\u6d4b\u8bd5\u65f6\u4f7f\u7528\u7684\u4e8b\u5b9e\u4e0a\u7684\u5de5\u5177\u3002\u5728\u6574\u4e2a\u4f1a\u8bae\u5ba4\u4e2d\uff0c\u6211\u4eec\u5c06\u4ecb\u7ecd\u5b89\u88c5\u548c\u4f7f\u7528\u6b64\u5de5\u5177\u7684\u57fa\u7840\u77e5\u8bc6\u4ee5\u53ca\u5b83\u7684\u5404\u4e2a\u4e3b\u8981\u7ec4\u4ef6\u3002\u5728\u6574\u4e2a\u4f1a\u8bae\u5ba4\u4e2d\uff0c\u5927\u591a\u6570\u4efb\u52a1\u7684\u5e95\u90e8\u90fd\u63d0\u4f9b\u4e86\u6bcf\u8282\u76f8\u5173\u6587\u6863\u7684\u53c2\u8003\u94fe\u63a5\u3002<\/span><\/p>\n

    \n
    \n
    \n
    \n
    \n
    \"tryhackme–RP\uff1aBurp<\/div>\n

    \"tryhackme–RP\uff1aBurp<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/figure>\n<\/div>\n<\/div>\n<\/section>\n

    \n
    \n
    \n
    \n

    \u5b89\u88c5<\/span><\/h1>\n

    \u5728\u6211\u4eec\u6df1\u5165\u7814\u7a76Burp Suite\u8fd9\u4e2a\u4ee4\u4eba\u60ca\u53f9\u7684\u5de5\u5177\u4e4b\u524d\uff0c\u6211\u4eec\u9996\u5148\u5fc5\u987b\u5b89\u88c5\u5b83\u3002\u5bf9\u6211\u4eec\u6765\u8bf4\u5e78\u8fd0\u7684\u662f\uff0c\u5982\u679c\u60a8\u5728Kali Linux\u4e0a\u5b89\u88c5\u6b64\u673a\u623f\uff0c\u5219\u5df2\u7ecf\u5b89\u88c5\u4e86Burp Suite\u3002\u7531\u4e8e\u8be5\u4f1a\u8bae\u5ba4\u4e5f\u5b8c\u5168\u53ef\u4ee5\u5728Windows\u4e0a\u8fd0\u884c\uff0c\u56e0\u6b64\u6211\u4eec\u5c06\u7b80\u8981\u4ecb\u7ecd\u5982\u4f55\u4e3a\u4efb\u4f55\u7cfb\u7edf\u83b7\u53d6Burp Suite\uff08\u793e\u533a\u7248\uff09\uff0c\u56e0\u4e3a\u5b83\u76f8\u5f53\u8f7b\u677e\u3002<\/span>\u60a8\u8fd8\u53ef\u4ee5<\/span><\/strong>\u5728<\/span><\/strong><\/a>\u5df2\u5b89\u88c5BurpSuite\u7684\u60c5\u51b5\u4e0b<\/strong>\u4f7f\u7528\u90e8\u7f72\u81ea\u5df1<\/strong>\u7684\u6d4f\u89c8\u5668<\/strong><\/a><\/span>\u5185\u7f6e\u8ba1\u7b97\u673a\uff01<\/span><\/strong><\/p>\n

    \u5982\u679c\u8981\u4ece\u5934\u5f00\u59cb\u5b89\u88c5Burp\uff08\u901a\u5e38\u79f0\u4e3aBurp\uff09\uff0c\u5219\u9700\u8981\u5148\u8bbf\u95ee\u6b64\u94fe\u63a5\uff1ahttps<\/a>\u00a0:\u00a0<\/span>\/\/portswigger.net\/burp\/communitydownload<\/span><\/a><\/p>\n

    \uff031<\/span><\/p>\n

    \u5982\u679c\u8981\u4ece\u5934\u5f00\u59cb\u5b89\u88c5Burp\uff08\u901a\u5e38\u79f0\u4e3aBurp\uff09\uff0c\u5219\u9700\u8981\u5148\u8bbf\u95ee\u6b64\u94fe\u63a5\uff1ahttps<\/a>\u00a0:\u00a0<\/span>\/\/portswigger.net\/burp\/communitydownload<\/span><\/a><\/p>\n

    2\u53f7<\/span><\/p>\n

    \u8fdb\u5165Port Swigger\u4e0b\u8f7d\u9875\u9762\u540e\uff0c\u7ee7\u7eed\u4e0b\u8f7d\u9002\u7528\u4e8e\u60a8\u7684\u64cd\u4f5c\u7cfb\u7edf\u7684\u7248\u672c<\/span><\/p>\n

    \uff033<\/span><\/p>\n

    Burp Suite\u9700\u8981Java JRE\u624d\u80fd\u8fd0\u884c\u3002\u5728\u6b64\u5904\u4e0b\u8f7d\u5e76\u5b89\u88c5Java\uff1ahttps<\/a>\uff1a<\/span>\/\/www.java.com\/en\/download\/<\/span><\/a><\/p>\n

    \u5b8c\u6210\u6240\u6709\u8bbe\u7f6e\u540e\uff0c\u79fb\u4ea4\u7ed9\u6211\u4eec\u7684\u4e0b\u4e00\u9879\u4efb\u52a1\uff0c\u5373\u83b7\u5f97Gettin'[CA]\u8ba4\u8bc1\uff01<\/span><\/p>\n<\/div>\n<\/div>\n<\/section>\n

    \n
    \n
    \n
    \n

    Gettin'[CA]\u8ba4\u8bc1<\/span><\/h1>\n

    \u5728\u5f00\u59cb\u4f7f\u7528\u65b0\u5b89\u88c5\u7684\uff08\u6216\u9884\u5b89\u88c5\u7684\uff09Burp Suite\u4e4b\u524d\uff0c\u6211\u4eec\u5fc5\u987b\u4fee\u590d\u8bc1\u4e66\u8b66\u544a\u3002\u6211\u4eec\u9700\u8981\u5b89\u88c5CA\u8bc1\u4e66\uff0c\u56e0\u4e3aBurpSuite\u5145\u5f53\u60a8\u7684\u6d4f\u89c8\u5668\u4e4b\u95f4\u7684\u4ee3\u7406\uff0c\u5e76\u901a\u8fc7Internet\u53d1\u9001\u5b83\u2014\u5b83\u4f7fBurpSuite\u5e94\u7528\u7a0b\u5e8f\u53ef\u4ee5\u8bfb\u53d6\u548c\u53d1\u9001HTTPS\u6570\u636e\u3002<\/span><\/p>\n

    \n
    \n
    \n
    \n
    \n
    \"tryhackme–RP\uff1aBurp<\/div>\n

    \"tryhackme–RP\uff1aBurp<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/figure>\n

    \u9664\u975e\u6211\u4eec\u5b89\u88c5Burp\u7684CA\u8bc1\u4e66\uff0c\u5426\u5219\u5c06\u51fa\u73b0\u8bc1\u4e66\u8b66\u544a\u3002<\/span><\/em><\/p>\n

    \u5feb\u901f\u8bf4\u660e\u4e00\u4e0b\uff0c\u5728\u672c\u5b9e\u9a8c\u4e2d\uff0c\u6211\u5c06\u4f7f\u7528Firefox\u548cFoxy Proxy<\/span><\/strong>\uff08\u53ef\u5728<\/span>\u6b64\u5904<\/span><\/a>\u627e\u5230\uff09\u3002\u6211\u5728\u8fd9\u79cd\u60c5\u51b5\u4e0b\u4f7f\u7528Firefox\uff0c\u56e0\u4e3a\u4f7f\u7528Burp Suite\u65f6\u5b83\u4f7f\u7528\u8d77\u6765\u66f4\u5bb9\u6613\u4e00\u4e9b\u3002<\/span><\/p>\n

    \uff031<\/span><\/strong><\/p>\n

    \u9996\u5148\uff0c\u8ba9\u6211\u4eec\u7ee7\u7eed\u524d\u8fdb\uff0c\u542f\u52a8Burp\u3002\u6211\u4eec\u53ef\u4ee5\u901a\u8fc7\u5de6\u4fa7\u7684\u56fe\u6807\u5728Kali\u4e0a\u6267\u884c\u6b64\u64cd\u4f5c\u3002\u5728\u4e0b\u9762\u7684\u56fe\u50cf\u4e2d\uff0c\u5b83\u662f\u5de6\u4fa7\u9876\u90e8\u7b2c7\u4e2a\u56fe\u6807\u3002<\/span>\u5982\u679c\u60a8\u7684Kali\u684c\u9762\u770b\u8d77\u6765\u4e0d\u50cf\u4e0b\u9762\u7684\u5c4f\u5e55\u622a\u56fe\uff0c\u8bf7\u5355\u51fb\u201c\u5e94\u7528\u7a0b\u5e8f\u201d\u5e76\u952e\u5165Burp Suite\u3002\u5355\u51fb\u51fa\u73b0\u7684Burp Suite\u56fe\u6807\u3002<\/span><\/strong><\/p>\n

    \n
    \n
    \n
    \n
    \n
    \"tryhackme–RP\uff1aBurp<\/div>\n

    \"tryhackme–RP\uff1aBurp<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/figure>\n

    \u542f\u52a8\u6253p\uff01<\/span><\/p>\n

    \uff032<\/span><\/strong><\/p>\n

    \u542f\u52a8Burp\u540e\uff0c\u5c06\u51fa\u73b0\u4ee5\u4e0b\u5c4f\u5e55\uff1a<\/span><\/p>\n

    \n
    \n
    \n
    \n
    \n
    \"tryhackme–RP\uff1aBurp<\/div>\n

    \"tryhackme–RP\uff1aBurp<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/figure>\n

    \u5f39\u51fa\u540e\uff0c\u5355\u51fb\u201c\u4e34\u65f6\u9879\u76ee\u201d\uff0c\u7136\u540e\u5355\u51fb\u201c\u4e0b\u4e00\u6b65\u201d\u3002<\/span><\/p>\n

    *\u73b0\u5728\uff0c\u60a8\u53ef\u80fd\u5df2\u7ecf\u6ce8\u610f\u5230\u201c\u78c1\u76d8\u4e0a\u7684\u65b0\u9879\u76ee\u201d\u548c\u201c\u6253\u5f00\u73b0\u6709\u9879\u76ee\u201d\u90fd\u663e\u793a\u4e3a\u7070\u8272\u3002\u5982\u8be5\u7a97\u53e3\u9876\u90e8\u6240\u793a\uff0c\u4fdd\u5b58\u9879\u76ee\u662f\u4e0eBurp Suite Professional\u76f8\u5173\u7684\u529f\u80fd\uff0c\u56e0\u4e3a\u4fdd\u5b58\u5e76\u8fd4\u56de\u591a\u5929Web\u5e94\u7528\u7a0b\u5e8f\u6d4b\u8bd5\u662f\u5f88\u5e38\u89c1\u7684\u3002<\/span><\/em><\/p>\n

    \uff033<\/span><\/strong><\/p>\n

    \u63a5\u4e0b\u6765\uff0c\u5c06\u63d0\u793a\u6211\u4eec\u8be2\u95ee\u6211\u4eec\u8981\u4f7f\u7528\u54ea\u79cd\u914d\u7f6e\u3002\u73b0\u5728\uff0c\u9009\u62e9\u201c\u4f7f\u7528\u6253Bur\u9ed8\u8ba4\u8bbe\u7f6e\u201d\u3002<\/span><\/p>\n

    \n
    \n
    \n
    \n
    \n
    \"tryhackme–RP\uff1aBurp<\/div>\n

    \"tryhackme–RP\uff1aBurp<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/figure>\n

    \u5305\u542b\u6b64\u9009\u9879\u662f\u56e0\u4e3a\u5b83\u5bf9\u4e8e\u4e3a\u4ee3\u7406\u6216\u5176\u4ed6\u8bbe\u7f6e\u521b\u5efa\u81ea\u5b9a\u4e49\u914d\u7f6e\u6587\u4ef6\u975e\u5e38\u6709\u7528\uff0c\u5c24\u5176\u662f\u53d6\u51b3\u4e8e\u60a8\u7684\u7f51\u7edc\u914d\u7f6e\u65b9\u5f0f\u548c\/\u6216\u662f\u5426\u901a\u8fc7\u8bf8\u5982<\/span><\/em>x11\u8f6c\u53d1<\/span><\/em><\/a>\u8fdc\u7a0b\u542f\u52a8Burp Suite\u65f6<\/em><\/span>\u3002<\/span><\/em><\/p>\n

    \uff034<\/span><\/strong><\/p>\n

    \u6700\u540e\uff0c\u8ba9\u6211\u4eec\u5f00\u59cbBurp\uff01\u7acb\u5373\u70b9\u51fb\u201c\u5f00\u59cb\u6253p\u201d\uff01<\/span><\/p>\n

    \uff035<\/span><\/strong><\/p>\n

    \u73b0\u5728\uff0c\u60a8\u5c06\u770b\u5230\u4e00\u4e2a\u7c7b\u4f3c\u4e8e\u4ee5\u4e0b\u5185\u5bb9\u7684\u5c4f\u5e55\uff1a<\/span><\/p>\n

    \n
    \n
    \n
    \n
    \n
    \"tryhackme–RP\uff1aBurp<\/div>\n

    \"tryhackme–RP\uff1aBurp<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/figure>\n

    \u7531\u4e8e\u6211\u4eec\u73b0\u5728\u6b63\u5728\u8fd0\u884cBurp Suite\uff0c\u56e0\u6b64\u9ed8\u8ba4\u60c5\u51b5\u4e0b\u5c06\u4f7f\u7528\u5b83\u542f\u52a8\u4ee3\u7406\u670d\u52a1\u3002\u4e3a\u4e86\u5145\u5206\u5229\u7528\u6b64\u4ee3\u7406\uff0c\u6211\u4eec\u5fc5\u987b\u5b89\u88c5Burp Suite\u968f\u9644\u7684CA\u8bc1\u4e66\uff08\u5426\u5219\u6211\u4eec\u5c06\u65e0\u6cd5\u4f7f\u7528SSL\u52a0\u8f7d\u4efb\u4f55\u5185\u5bb9\uff09\u3002\u4e3a\u6b64\uff0c\u8bf7\u7acb\u5373\u542f\u52a8Firefox\uff01<\/span><\/p>\n