看我如何利用 Burp Suite + Fiddler Everywhere 进行PC端和小程序抓包渗透测试

admin
admin
admin
102673
文章
87
评论
2022年4月9日02:16:08评论187 views字数 1273阅读4分14秒阅读模式

看我如何利用 Burp Suite + Fiddler Everywhere 进行PC端和小程序抓包渗透测试

准备工作

软件部分

Burp Suite

https://portswigger.net/burp/releases/professional-community-2022-3-2?requestededition=professional

https://portswigger-cdn.net/burp/releases/download?product=pro&version=2022.3.2&type=MacOsx

This release provides a number of bug fixes and an upgrade for Burp's browser.

Browser upgrade

Burp's browser has been upgraded to Chromium 100.0.4896.60[1]

Bug fixes

When manually following redirections, you no longer get stuck in an infinite redirect loop.We have resolved an issue where the Proxy's HTTP history tab was not displaying responses on MacOS.We have fixed a bug that was causing performance issues when testing recorded login sequences.

https://github.com/h3110w0r1d-y/BurpLoaderKeygen/releases/tag/1.3

https://github.com/h3110w0r1d-y/BurpLoaderKeygen/releases/download/1.3/BurpLoaderKeygen.jar

增加对Java16和17的支持(自动添加所需的启动参数)自动调用注册机目录下的Java环境来启动Burp(也会自动识别Java版本并且添加启动参数)Add support for Java 16 and 17 (Automatically add required parameters)Automatically use the Java environment in the keygen directory to start burp (auto detect Java version and add start parameters too)

Fiddler Everywhere

https://www.telerik.com/download/fiddler-everywhere

https://downloads.getfiddler.com/mac/Fiddler%20Everywhere%203.1.1.dmg

注意,此软件并非免费版,软件和谐办法后面会补充。

原文始发于微信公众号(利刃藏锋):看我如何利用 Burp Suite + Fiddler Everywhere 进行PC端和小程序抓包渗透测试

  • 左青龙
  • 微信扫一扫
  • weinxin
  • 右白虎
  • 微信扫一扫
  • weinxin
admin
  • 本文由 发表于 2022年4月9日02:16:08
  • 转载请保留本文链接(CN-SEC中文网:感谢原作者辛苦付出):
                   看我如何利用 Burp Suite + Fiddler Everywhere 进行PC端和小程序抓包渗透测试http://cn-sec.com/archives/889477.html

发表评论

匿名网友 填写信息