How to use Collaborator Everywhere
Usage
https://github.com/PortSwigger/collaborator-everywhere
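Note: you must first define the target scope. Collaborator Everywhere only starts working after that, and it modifies or adds HTTP request headers only for in-scope requests.
Captured request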
GET /wp-content/uploads/2018/05/138-140FP91001-1024x640.jpg HTTP/1.1
Host: wp.blkstone.me
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36 root@hvgwzou2c52d11kl8cd4nr16yx4r8fx.burpcollaborator.net
Accept: image/webp,*/*
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Connection: close
Referer: http://3gkikafoxrnzmn57tyyq8dmsjjpdn1c.burpcollaborator.net/ref
If-Modified-Since: Sat, 19 May 2018 09:49:59 GMT
If-None-Match: "19f18-56c8bfdde1fc0"
Cache-Control: no-transform
X-Wap-Profile: http://a5gp9h4vmyc6buuei5nxxkbz8qek68v.burpcollaborator.net/wap.xml
CF-Connecting_IP: spoofed.uec9i1dfvilqke3yrpwh64kjhan4gs5.burpcollaborator.net
True-Client-IP: spoofed.ttq8x0seah0pzdix6obgl3ziw923wrl.burpcollaborator.net
X-Originating-IP: spoofed.vlkap2kg2jsrrfazyq3id5rkobu5pte.burpcollaborator.net
Forwarded: for=spoofed.nzq23uy8gb6j57orciharx5c238x4lt.burpcollaborator.net;by=spoofed.nzq23uy8gb6j57orciharx5c238x4lt.burpcollaborator.net;host=spoofed.nzq23uy8gb6j57orciharx5c238x4lt.burpcollaborator.net
X-Forwarded-For: spoofed.87dnbf6towe4dswck3pvzidxaogid62.burpcollaborator.net
X-Client-IP: spoofed.stp7xzsdag0ozciw6nbfl2zhw8221qq.burpcollaborator.net
X-Real-IP: spoofed.7fnmjeeswvm3lr4bs2xu7hlwinoho5d.burpcollaborator.net
From: root@wjjbn3ih0kqspg80wr1jb6plmcs6tui.burpcollaborator.net
Client-IP: spoofed.4lqjpbkp2ss0roa8yz3rdertokuew2l.burpcollaborator.net
Contact: root@nzq23uy8gb6j57orciharx5c238xbl0.burpcollaborator.net
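A log-side check for the header pattern in the capture above, as an added example that is not part of the original post or of the extension's code: it parses a raw request and reports which headers embed an out-of-band interaction domain, and in what form. The sample request and its placeholder subdomains are constructed, and the suffix list is an assumption.

```python
import re

# Constructed sample modelled on the capture above; the subdomain labels
# are placeholders, not identifiers taken from the page.
SAMPLE_REQUEST = (
    "GET /index.html HTTP/1.1\r\n"
    "Host: app.example.test\r\n"
    "User-Agent: Mozilla/5.0 (X11) root@placeholder1.burpcollaborator.net\r\n"
    "Referer: http://placeholder2.burpcollaborator.net/ref\r\n"
    "Forwarded: for=spoofed.placeholder3.burpcollaborator.net;"
    "by=spoofed.placeholder3.burpcollaborator.net\r\n"
    "X-Forwarded-For: spoofed.placeholder4.burpcollaborator.net\r\n"
    "X-Real-IP: 203.0.113.7\r\n"
    "\r\n"
)

# Assumption: only the public Collaborator domain seen in the capture;
# add the suffix of any private interaction server you need to track.
OOB_SUFFIXES = ("burpcollaborator.net",)

# Hostnames only: the final label must be alphabetic, so IPs and "5.0" are skipped.
HOST_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I)


def is_oob(host):
    return any(host == s or host.endswith("." + s) for s in OOB_SUFFIXES)


def form_of(value, host):
    """How the domain is embedded: as a URL, an e-mail address, or a bare host."""
    lowered = value.lower()
    if "://" + host in lowered:
        return "url"
    if "@" + host in lowered:
        return "email"
    return "host"


def find_oob_headers(raw_request):
    """Return (header, host, form) for each header value embedding an OOB domain."""
    findings = []
    for line in raw_request.splitlines()[1:]:   # skip the request line
        if not line:                            # blank line ends the headers
            break
        name, sep, value = line.partition(":")
        if not sep:
            continue
        hosts = dict.fromkeys(h.lower() for h in HOST_RE.findall(value))
        findings += [(name.strip(), h, form_of(value, h)) for h in hosts if is_oob(h)]
    return findings
```

Several client-IP style headers in one request all pointing at the same interaction domain is a strong sign of automated probing rather than a misconfigured proxy.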