1、how to use burpsuite
I can‘t thank them enough for allowing us to test web application ,making sure they are secure against threats . if you ues it another way ,all duty afford yousleves.
this version is 2.0.04 before load running ,you should function the key burp-loader-keygen-jas502n,because the authentic burpsuite not cheap , besids ,burp offers many options for only 350USD per year . we can use burp differentiate the real vulnerabilities from the false ones.
2、if you use the perburpSuite ,you can you commands : java -jar -Xmx2G /[path ]/[burp.jar] fireStart
3、Visualizing the application structure using Burp Suite
The Burpsuite offers the following function :
Visualize , Scope 、 Search the web hindder contents 、 lists comments 、scripts 、analyze 、report
4、we can se the burp Proxy it as a man-in-the-middle between your browser and destination wen servers ,it let you intercept,inspect and modify the raw trafficc passing in the bouth directions.
take notes: if you penetration with the https website you should install Burp‘s CA cerficate .an follow
5、Crawling the web application using Burp Splider
ususlly speaking Spider the website there is therr ways :
the first: Manually crawing by use the Intruder tool ; the second Automatically Crawing by use Spider ; finally use the Discover Content tool
if you want a manual as follow
besides it , another way
原文:https://www.cnblogs.com/xinxianquan/p/10193271.html