Burp Suite官方说明书(开车版).docVIP

目录 TOC \o 1-3 Burp Suite文档 7 Getting Started 7 Launching Burp 8 Display Settings 8 Configuring Your Browser 8 The Basics of Using Burp 9 Using BurpSuite 9 Testing Workflow 10 Recon and Analysis 10 Tool Configuration 11 Burp Tools 11 Target 12 Using Burp Target 12 SiteMap 15 Target Information 15 Display Filter 15 Annotations 16 Scope 16 Proxy 17 Using Burp Proxy http、https 17 1) http 17 2) https 19 Intercept 19 1) Forward 19 2) Drop 19 3) Interception is on/off 19 4) Action 19 5) Comment field 20 6) Highlight 20 HTTP history 20 1) History Table 20 2) Display Filter 21 3) Annotations 22 WebSockets history 23 Options 23 1) Proxy Listeners 23 1) Interception Options 25 2) Response Modification 25 3) Match and Replace 25 4) SSL Pass Through 26 5) Miscellaneous 26 Spider 27 Using Burp Spider 27 Control tab 28 Spider Status 28 Spider Scope 29 Options tab 29 Crawler Settings 29 Passive Spidering(被动扫描) 30 Form Submission 31 Application Login 32 Spider Engine 32 Request Headers 33 Scanner 33 Using Burp Scanner 33 Results 35 Report selected issues 36 Delect selected issues 36 Scan Queue 36 Show details 37 Scan again 37 Delete item(S) 37 Delect finished items 37 Automatically delete finished items 37 Pause/resume scanner 37 Send to 37 Live Scanning 38 Live active scanning 38 Live Passive Scanning 38 Options 39 Attack Insertion Points 39 Active Scanning Engine 41 Active Scanning Optimization 42 Active Scanning Areas 42 Passive Scanning Areas 43 Intruder 44 Using Burp Intruder 46 Target 50 Positions 50 Request Template 50 Payload Markers 50 Attack type 51 Payloads 53 Types 53 Processing 54 Optins 56 Request Headers 56 Request Engine 56 Attack Results 57 Grep-Match 57 Grep-Extrack 57 Grep-Payloads 58 Redirections 59 Attacks 59 Launching an Attack 59 Result Tab 60 Attack configuration Tabs 61 Result Menus 61 Repeater 62 Using Burp Repeater 62 Issuing Requests 63 Request History 6