看我如何利用 Burp Suite + Fiddler Everywhere 进行PC端和小程序抓包渗透测试

准备工作

软件部分

Burp Suite

https://portswigger.net/burp/releases/professional-community-2022-3-2?requestededition=professional

https://portswigger-cdn.net/burp/releases/download?product=pro&version=2022.3.2&type=MacOsx

This release provides a number of bug fixes and an upgrade for Burp's browser.

Browser upgrade

Burp's browser has been upgraded to Chromium 100.0.4896.60^[1]

Bug fixes

•When manually following redirections, you no longer get stuck in an infinite redirect loop.•We have resolved an issue where the Proxy's HTTP history tab was not displaying responses on MacOS.•We have fixed a bug that was causing performance issues when testing recorded login sequences.

https://github.com/h3110w0r1d-y/BurpLoaderKeygen/releases/tag/1.3

https://github.com/h3110w0r1d-y/BurpLoaderKeygen/releases/download/1.3/BurpLoaderKeygen.jar

•增加对Java16和17的支持（自动添加所需的启动参数）•自动调用注册机目录下的Java环境来启动Burp（也会自动识别Java版本并且添加启动参数）•Add support for Java 16 and 17 (Automatically add required parameters)•Automatically use the Java environment in the keygen directory to start burp (auto detect Java version and add start parameters too)

Fiddler Everywhere

https://www.telerik.com/download/fiddler-everywhere

https://downloads.getfiddler.com/mac/Fiddler%20Everywhere%203.1.1.dmg

注意，此软件并非免费版，软件和谐办法后面会补充。

原文始发于微信公众号（利刃藏锋）：看我如何利用 Burp Suite + Fiddler Everywhere 进行PC端和小程序抓包渗透测试