Neurohazard
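Evening clouds and misty moon, poring over the classics until my hair turns white; of all the myriad things in the universe, thus have I heard.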

【Note】Burp Suite Essentials : Chapter 3

wpadmin~October 6, 2018 /InfoSec

【Note】Burp Suite Essentials : Chapter 3 | Setting the Scope and Dealing with Upstream Proxies

Contents

Chapter 3 Setting the Scope and Dealing with Upstream Proxies

summary

3.1 Multiple ways to add targets to the scope
3.1.1 Loading a list of targets from a file

3.2 Scope and Burp Suite tools

3.3 Scope inclusion versus exclusion

3.4 Dropping out-of-scope requests

3.5 Dealing with upstream proxies and SOCKS proxies
3.5.1 Types of proxies supported by Burp
3.5.2 Working with SOCKS proxies
3.5.3 Using SSH tunneling as a SOCKS proxy
3.5.4 Setting up Burp to be a proxy server for other devices

Multiple ways to add targets to the scope

Target > Site map > add to scope

Loading a list of targets from a file (omitted)

Scope and Burp Suite tools

Some advantages of configuring the scope
1 You can set display filters for the target site map and Proxy HTTP history.
This allows us to focus on the task at hand, and everything else is kept
hidden away
1 It becomes easier to use the built-in filters; filters are most effective when a large number of unrelated HTTP requests flow through the proxy
2 The Proxy can be configured to only intercept in-scope items—a highly
desirable option in my opinion.
2 Restricts the proxy to intercepting only the domains that are in scope
3 Only in-scope items for spidering or live scanning in the scanner can be done.
3 Makes it more convenient to control the Spider and Scanner modules

Scope inclusion versus exclusion

Some uses of scope exclusion

Put the endpoints related to logout, comments, and sending email on the exclusion list.
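An added example (not from the book or the original note) that builds include rules from a target list and exclusion rules for the logout, comment and mail endpoints, then checks URLs locally with exclusion taking precedence over inclusion. The hostnames and endpoint names are constructed, and the key names follow the layout of Burp's exported project-options JSON as an assumption to verify against a config saved from your own Burp version.

```python
import json
import re
from urllib.parse import urlsplit

# Constructed sample input: one target URL per line, as in a targets file.
TARGETS = "https://shop.example.test/\nhttp://intranet.example.test:8080/app/\n"
# Hypothetical endpoint names for the logout / comment / send-mail exclusions.
EXCLUDED_FILE = r"^.*/(logout|comment|sendmail)\b.*"
DEFAULT_PORTS = {"http": 80, "https": 443}

def rule(url, file_regex=None):
    """Build one scope rule (anchored regexes) from a target URL."""
    u = urlsplit(url.strip())
    return {
        "enabled": True,
        "protocol": u.scheme,
        "host": "^" + re.escape(u.hostname) + "$",
        "port": "^%d$" % (u.port or DEFAULT_PORTS[u.scheme]),
        "file": file_regex or "^" + re.escape(u.path or "/") + ".*",
    }

def build_scope(targets_text):
    """Include every listed target; exclude the risky endpoints on each of them."""
    urls = [line for line in targets_text.splitlines() if line.strip()]
    return {"target": {"scope": {
        "advanced_mode": True,  # assumed key names, see the lead-in
        "include": [rule(u) for u in urls],
        "exclude": [rule(u, EXCLUDED_FILE) for u in urls],
    }}}

def matches(r, url):
    """Local approximation of rule matching (path only, query string ignored)."""
    u = urlsplit(url)
    port = str(u.port or DEFAULT_PORTS.get(u.scheme, 0))
    return bool(r["enabled"] and r["protocol"] == u.scheme
                and re.search(r["host"], u.hostname or "")
                and re.search(r["port"], port)
                and re.search(r["file"], u.path or "/"))

def in_scope(scope, url):
    """In scope = matches some include rule and no exclude rule."""
    s = scope["target"]["scope"]
    return (any(matches(r, url) for r in s["include"])
            and not any(matches(r, url) for r in s["exclude"]))

if __name__ == "__main__":
    print(json.dumps(build_scope(TARGETS), indent=2))
```

Anchoring the host regex with `^` and `$` is what keeps a look-alike host such as `shop.example.test.other.test` out of scope.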

Dropping out-of-scope requests

Project Options > Connections > Out-of-Scope Requests > drop all out-of-scope requests

Dealing with upstream proxies and SOCKS proxies

3.5.1 Types of proxies supported by Burp
3.5.2 Working with SOCKS proxies
3.5.3 Using SSH tunneling as a SOCKS proxy
3.5.4 Setting up Burp to be a proxy server for other devices

Types of proxies supported by Burp

User Options > Connections > Upstream Proxy Servers

Working with SOCKS proxies

User Options > Connections > SOCKS proxy

Using SSH tunneling as a SOCKS proxy

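SSH tunneling SOCKS proxy
Use ssh to temporarily open a SOCKS proxy

ssh -D [<interface>:]<port> user@hostname.com
# Allow access from the local machine only
ssh -D 127.0.0.1:9999 user@hostname.com
# Allow access from the local machine and other hosts on the internal network
# (the SOCKS listener has no authentication, so any host that can reach this address can use the tunnel)
ssh -D 192.168.1.1:9999 user@hostname.com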

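As a supplement, here is how to do the same with XShell

Edit Connection > Connection > SSH > Tunneling

For the tunnel type, select Dynamic (SOCKS4/5)

In this setup, the SSH client is the local client, and the SSH server it connects to acts as the proxy server.

XShell actually provides three tunnel types
Local (Outgoing): maps a remote port to a local port
Remote (Incoming): maps a local port to a remote port
Dynamic (SOCKS4/5): SOCKS proxy

For details, see
Adding an SSH tunnel SOCKS proxy in Xshell
http://blog.51cto.com/php2012web/1669911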

Setting up Burp to be a proxy server for other devices

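Proxy > Options > Proxy Listeners
The binding interface can be changed here.
Changing it to All interfaces lets Burp act as a proxy for other devices; a common scenario is proxying a phone's traffic while testing an app.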
