2019年11月1日,PortSwigger官方发布了Burp Suite Professional 2.1.05最新版本,第一时间给大家分享Burp Suite Professional 2.1.05最新和谐版本。
Burp Suite是一款信息安全从业人员必备的集 成型的渗透测试工具,它采用自动测试和半自动测试的方式,包含了 Proxy,Spider,Scanner,Intruder,Repeater,Sequencer,Decoder,Comparer等工具模块。通 过拦截HTTP/HTTPS的web数据包,充当浏览器和相关应用程序的中间人,进行拦截、修改、重放数据包进行测试,是web安全人员的一把必备的瑞士军刀。
官方试用最新版新支持windows(.exe)直接安装,下载地址:
https://portswigger.net/burp/communitydownload
Professional 2.1.05
This release adds experimental support for using Burp's embedded Chromium browser to perform all navigation while scanning.
This new approach will provide a robust basis for future capabilities in Burp Scanner, enabling it to eventually deal with any client-side technologies and navigational structures that a modern browser is able to deal with. It has the potential to dramatically improve coverage of the scan, during both the crawling and auditing phases.
In this initial release, Burp Scanner now correctly deals with:
-
Applications that dynamically construct the navigational UI (links and forms) using JavaScript.
-
Applications that dynamically mutate the request when a link is clicked or a form is submitted, using JavaScript event handlers.
There are numerous caveats at this stage:
-
Performance is poor and will be improved considerably over the next few releases.
-
Navigational elements other than links and forms are not yet supported (such as DIV elements with an onclick handler that makes a request).
-
Asynchronous requests such as XHR are honored during navigation but are not audited.
-
Navigational actions that mutate the existing DOM without causing a request to the server are not properly handled.
-
Frames and iframes are not properly supported.
-
File uploads are not supported.
The new feature is currently experimental, and is being released to gather feedback from users who want to play with the new capability and assess its effectiveness. The new feature is not currently a suitable replacement for the existing default scanning mode: you are likely to gain some coverage of JavaScript-heavy applications, but also lose some coverage and experience poor performance. Rest assured that over the coming months the new feature will be considerably enhanced until it becomes a robust and superior replacement to the existing scanning mode.
To enable experimental support for browser-based scan navigation, create a new scan, add a crawl configuration, and under "Miscellaneous" select "Use embedded browser for navigation". You can also configure whether to allow the browser to fetch page resources that are out-of-scope.
The release also includes various other bugfixes. The embedded JRE that is included in Burp's installer has been updated to Java 12.
burpsuite_pro_v2.1.05.jar
MD5: 1dc02e1b39828540b97b8d3a2de804a1
SHA256: b99cd745fc6dfdf4d8795728988e17e8a36a7c87e74d7b647bd42c16366ee0bf
burpsuite_pro_linux_v2_1_05.sh
MD5: f81ce6416c2980d6b0c4076bd666b50b
SHA256: 997b0efff89391bc11c7a5415a126a028a398919cc83ea2f20bf86032e578fe8
burpsuite_pro_windows-x64_v2_1_05.exe
MD5: ae885a494177657fb2cbc1138532a086
SHA256: a223261d76e832cfac0d51f4d01c575a87506714461374dd0f162aa2c481fcdf
burpsuite_pro_macos_v2_1_05.dmg
MD5: e55173f47097f14e62e86cd2bebeee81
SHA256: f2105ec4fd4ba8ff8d8f0ee295fe87be15703244fa3304b9af7c54d7807dbc12
Posted by Dafydd Stuttard at 9:53 AM
功能
-
拦截代理(Proxy),你可以检查和更改浏览器与目标应用程序间的流量;
-
可感知应用程序的网络爬虫(Spider),它能完整的枚举应用程序的内容和功能;
-
高级扫描器,执行后它能自动地发现web应用程序的安全漏洞;
-
入侵测试工具(Intruder),用于执行强大的定制攻击去发现及利用不同寻常的漏洞;
-
重放工具(Repeater),一个靠手动操作来触发单独的HTTP 请求,并分析应用程序响应的工具;
-
会话工具(Sequencer),用来分析那些不可预知的应用程序会话令牌和重要数据项的随机性的工具;
-
解码器,进行手动执行或对应用程序数据者智能解码编码的工具;
-
扩展性强,可以让你加载Burp Suite的扩展,使用你自己的或第三方代码来扩展Burp Suite的功能.
Burp Suite Professional 2.1.05 注册方法
现在开始注册工具
1.打开 burp-loader-keygen-2_1_05 运行后单击run 运行brupsuite 复制 license内的内容复制到burpusite内
2.单击next 单击manual activation 将 brpusteie action request内容复制到注册机生产一个key再复制到brupsuite
工具下载
链接:https://pan.baidu.com/s/1EiZKRKk5wPEimeJl7KmWtw
提取码:22lp
- 左青龙
- 微信扫一扫
-
- 右白虎
- 微信扫一扫
-
评论