burp-suite-testing

Compare original and translation side by side

🇺🇸

Original

English

🇨🇳

Translation

Chinese

Burp Suite Web Application Testing

Burp Suite Web应用测试

Purpose

用途

Execute comprehensive web application security testing using Burp Suite's integrated toolset, including HTTP traffic interception and modification, request analysis and replay, automated vulnerability scanning, and manual testing workflows. This skill enables systematic discovery and exploitation of web application vulnerabilities through proxy-based testing methodology.

使用Burp Suite的集成工具集执行全面的Web应用安全测试，包括HTTP流量拦截与修改、请求分析与重放、自动化漏洞扫描以及手动测试流程。本技能通过基于代理的测试方法，可系统性地发现和利用Web应用漏洞。

Inputs / Prerequisites

输入条件/前置要求

Required Tools

必备工具

Burp Suite Community or Professional Edition installed
Burp's embedded browser or configured external browser
Target web application URL
Valid credentials for authenticated testing (if applicable)

已安装Burp Suite社区版或专业版
Burp内置浏览器或已配置的外部浏览器
目标Web应用的URL
（如适用）用于认证测试的有效凭据

Environment Setup

环境配置

Burp Suite launched with temporary or named project
Proxy listener active on 127.0.0.1:8080 (default)
Browser configured to use Burp proxy (or use Burp's browser)
CA certificate installed for HTTPS interception

已启动Burp Suite并创建/打开临时或命名项目
代理监听器在默认地址127.0.0.1:8080上处于活动状态
浏览器已配置为使用Burp代理（或使用Burp内置浏览器）
已安装CA证书以支持HTTPS拦截

Editions Comparison

版本功能对比

Feature	Community	Professional
Proxy	✓	✓
Repeater	✓	✓
Intruder	Limited	Full
Scanner	✗	✓
Extensions	✓	✓

功能	社区版	专业版
代理（Proxy）	✓	✓
重放器（Repeater）	✓	✓
入侵者（Intruder）	受限	完整功能
扫描器（Scanner）	✗	✓
扩展（Extensions）	✓	✓

Outputs / Deliverables

输出成果/交付物

Primary Outputs

主要输出

Intercepted and modified HTTP requests/responses
Vulnerability scan reports with remediation advice
HTTP history and site map documentation
Proof-of-concept exploits for identified vulnerabilities

已拦截和修改的HTTP请求/响应
包含修复建议的漏洞扫描报告
HTTP历史记录和站点地图文档
针对已识别漏洞的概念验证（PoC）利用代码

Core Workflow

核心流程

Phase 1: Intercepting HTTP Traffic

阶段1：拦截HTTP流量

Launch Burp's Browser

启动Burp内置浏览器

Navigate to integrated browser for seamless proxy integration:

Open Burp Suite and create/open project
Go to Proxy > Intercept tab
Click Open Browser to launch preconfigured browser
Position windows to view both Burp and browser simultaneously

导航至集成浏览器以实现无缝代理集成：

打开Burp Suite并创建/打开项目
进入Proxy > Intercept标签页
点击Open Browser启动预配置的浏览器
调整窗口位置，以便同时查看Burp和浏览器

Configure Interception

配置拦截规则

Control which requests are captured:

Proxy > Intercept > Intercept is on/off toggle

When ON: Requests pause for review/modification
When OFF: Requests pass through, logged to history

控制哪些请求会被捕获：

Proxy > Intercept > 拦截开关（开启/关闭）

开启时：请求会暂停以进行查看/修改
关闭时：请求直接通过，记录到历史记录中

Intercept and Forward Requests

拦截并转发请求

Process intercepted traffic:

Set intercept toggle to Intercept on
Navigate to target URL in browser
Observe request held in Proxy > Intercept tab
Review request contents (headers, parameters, body)
Click Forward to send request to server
Continue forwarding subsequent requests until page loads

处理已拦截的流量：

将拦截开关设置为开启（Intercept on）
在浏览器中访问目标URL
在Proxy > Intercept标签页中查看被暂停的请求
检查请求内容（头部、参数、主体）
点击Forward将请求发送至服务器
持续转发后续请求直至页面加载完成

View HTTP History

查看HTTP历史记录

Access complete traffic log:

Go to Proxy > HTTP history tab
Click any entry to view full request/response
Sort by clicking column headers (# for chronological order)
Use filters to focus on relevant traffic

访问完整的流量日志：

进入Proxy > HTTP history标签页
点击任意条目查看完整的请求/响应
点击列标题进行排序（#号列为按时间顺序）
使用过滤器聚焦相关流量

Phase 2: Modifying Requests

阶段2：修改请求

Intercept and Modify

拦截并修改请求

Change request parameters before forwarding:

Enable interception: Intercept on
Trigger target request in browser
Locate parameter to modify in intercepted request
Edit value directly in request editor
Click Forward to send modified request

在转发前更改请求参数：

启用拦截：设置为Intercept on
在浏览器中触发目标请求
在已拦截的请求中找到需要修改的参数
在请求编辑器中直接编辑参数值
点击Forward发送修改后的请求

Common Modification Targets

常见修改目标

Target	Example	Purpose
Price parameters	`price=1`	Test business logic
User IDs	`userId=admin`	Test access control
Quantity values	`qty=-1`	Test input validation
Hidden fields	`isAdmin=true`	Test privilege escalation

目标	示例	目的
价格参数	`price=1`	测试业务逻辑
用户ID	`userId=admin`	测试访问控制
数量值	`qty=-1`	测试输入验证
隐藏字段	`isAdmin=true`	测试权限提升

Example: Price Manipulation

示例：价格篡改

http

POST /cart HTTP/1.1
Host: target.com
Content-Type: application/x-www-form-urlencoded

productId=1&quantity=1&price=100

http

POST /cart HTTP/1.1
Host: target.com
Content-Type: application/x-www-form-urlencoded

productId=1&quantity=1&price=100

Modify to:

修改为：

productId=1&quantity=1&price=1


Result: Item added to cart at modified price.

productId=1&quantity=1&price=1


结果：商品以修改后的价格添加至购物车。

Phase 3: Setting Target Scope

阶段3：设置目标范围

Define Scope

定义测试范围

Focus testing on specific target:

Go to Target > Site map
Right-click target host in left panel
Select Add to scope
When prompted, click Yes to exclude out-of-scope traffic

聚焦于特定目标进行测试：

进入Target > Site map
在左侧面板中右键点击目标主机
选择Add to scope（添加至范围）
出现提示时，点击Yes以排除范围外的请求

Filter by Scope

按范围过滤

Remove noise from HTTP history:

Click display filter above HTTP history
Select Show only in-scope items
History now shows only target site traffic

清除HTTP历史记录中的无关内容：

点击HTTP历史记录上方的显示过滤器
选择Show only in-scope items（仅显示范围内条目）
历史记录现在仅显示目标站点的流量

Scope Benefits

设置范围的优势

Reduces clutter from third-party requests
Prevents accidental testing of out-of-scope sites
Improves scanning efficiency
Creates cleaner reports

减少第三方请求造成的干扰
避免意外测试范围外的站点
提高扫描效率
生成更清晰的报告

Phase 4: Using Burp Repeater

阶段4：使用Burp Repeater

Send Request to Repeater

将请求发送至Repeater

Prepare request for manual testing:

Identify interesting request in HTTP history
Right-click request and select Send to Repeater
Go to Repeater tab to access request

准备用于手动测试的请求：

在HTTP历史记录中找到感兴趣的请求
右键点击请求并选择Send to Repeater（发送至Repeater）
进入Repeater标签页查看该请求

Modify and Resend

修改并重发请求

Test different inputs efficiently:

1. View request in Repeater tab
2. Modify parameter values
3. Click Send to submit request
4. Review response in right panel
5. Use navigation arrows to review request history

高效测试不同输入：

1. 在Repeater标签页中查看请求
2. 修改参数值
3. 点击Send提交请求
4. 在右侧面板中查看响应
5. 使用导航箭头查看请求历史

Repeater Testing Workflow

Repeater测试流程

Original Request:
GET /product?productId=1 HTTP/1.1

Test 1: productId=2    → Valid product response
Test 2: productId=999  → Not Found response  
Test 3: productId='    → Error/exception response
Test 4: productId=1 OR 1=1 → SQL injection test

原始请求：
GET /product?productId=1 HTTP/1.1

测试1: productId=2    → 有效商品响应
测试2: productId=999  → 未找到（Not Found）响应  
测试3: productId='    → 错误/异常响应
测试4: productId=1 OR 1=1 → SQL注入测试

Analyze Responses

分析响应

Look for indicators of vulnerabilities:

Error messages revealing stack traces
Framework/version information disclosure
Different response lengths indicating logic flaws
Timing differences suggesting blind injection
Unexpected data in responses

寻找漏洞迹象：

暴露堆栈跟踪的错误信息
框架/版本信息泄露
不同的响应长度暗示逻辑缺陷
响应时间差异暗示盲注
响应中出现意外数据

Phase 5: Running Automated Scans

阶段5：运行自动化扫描

Launch New Scan

启动新扫描

Initiate vulnerability scanning (Professional only):

Go to Dashboard tab
Click New scan
Enter target URL in URLs to scan field
Configure scan settings

启动漏洞扫描（仅专业版支持）：

进入Dashboard标签页
点击New scan（新建扫描）
在URLs to scan（待扫描URL）字段中输入目标URL
配置扫描设置

Scan Configuration Options

扫描配置选项

Mode	Description	Duration
Lightweight	High-level overview	~15 minutes
Fast	Quick vulnerability check	~30 minutes
Balanced	Standard comprehensive scan	~1-2 hours
Deep	Thorough testing	Several hours

模式	描述	时长
轻量级（Lightweight）	高层级概览扫描	~15分钟
快速（Fast）	快速漏洞检查	~30分钟
平衡（Balanced）	标准全面扫描	~1-2小时
深度（Deep）	彻底测试	数小时

Monitor Scan Progress

监控扫描进度

Track scanning activity:

View task status in Dashboard
Watch Target > Site map update in real-time
Check Issues tab for discovered vulnerabilities

跟踪扫描活动：

在Dashboard中查看任务状态
实时查看Target > Site map的更新
查看Issues标签页中的已发现漏洞

Review Identified Issues

查看已识别的漏洞

Analyze scan findings:

Select scan task in Dashboard
Go to Issues tab
Click issue to view:
- Advisory: Description and remediation
- Request: Triggering HTTP request
- Response: Server response showing vulnerability

分析扫描结果：

在Dashboard中选择扫描任务
进入Issues标签页
点击漏洞查看详情：
- Advisory（建议）：漏洞描述与修复方案
- Request（请求）：触发漏洞的HTTP请求
- Response（响应）：显示漏洞的服务器响应

Phase 6: Intruder Attacks

阶段6：Intruder攻击

Configure Intruder

配置Intruder

Set up automated attack:

Send request to Intruder (right-click > Send to Intruder)
Go to Intruder tab
Define payload positions using § markers
Select attack type

设置自动化攻击：

将请求发送至Intruder（右键点击 > Send to Intruder）
进入Intruder标签页
使用§标记定义载荷位置
选择攻击类型

Attack Types

攻击类型

Type	Description	Use Case
Sniper	Single position, iterate payloads	Fuzzing one parameter
Battering ram	Same payload all positions	Credential testing
Pitchfork	Parallel payload iteration	Username:password pairs
Cluster bomb	All payload combinations	Full brute force

类型	描述	使用场景
狙击手（Sniper）	单个位置，遍历所有载荷	模糊测试单个参数
攻城锤（Battering ram）	所有位置使用相同载荷	凭据测试
草叉（Pitchfork）	并行遍历多组载荷	用户名:密码配对测试
集束炸弹（Cluster bomb）	所有载荷组合测试	全暴力破解

Configure Payloads

配置载荷

Positions Tab:
POST /login HTTP/1.1
...
username=§admin§&password=§password§

Payloads Tab:
Set 1: admin, user, test, guest
Set 2: password, 123456, admin, letmein

Positions标签页:
POST /login HTTP/1.1
...
username=§admin§&password=§password§

Payloads标签页:
集合1: admin, user, test, guest
集合2: password, 123456, admin, letmein

Analyze Results

分析结果

Review attack output:

Sort by response length to find anomalies
Filter by status code for successful attempts
Use grep to search for specific strings
Export results for documentation

查看攻击输出：

按响应长度排序以发现异常
按状态码过滤以找到成功尝试
使用grep搜索特定字符串
导出结果用于文档记录

Quick Reference

快速参考

Keyboard Shortcuts

键盘快捷键

Action	Windows/Linux	macOS
Forward request	Ctrl+F	Cmd+F
Drop request	Ctrl+D	Cmd+D
Send to Repeater	Ctrl+R	Cmd+R
Send to Intruder	Ctrl+I	Cmd+I
Toggle intercept	Ctrl+T	Cmd+T

操作	Windows/Linux	macOS
转发请求	Ctrl+F	Cmd+F
丢弃请求	Ctrl+D	Cmd+D
发送至Repeater	Ctrl+R	Cmd+R
发送至Intruder	Ctrl+I	Cmd+I
切换拦截状态	Ctrl+T	Cmd+T

Common Testing Payloads

常见测试载荷

undefined

undefined

SQL Injection

SQL注入

' OR '1'='1 ' OR '1'='1'-- 1 UNION SELECT NULL--

XSS

"><img src=x onerror=alert(1)> javascript:alert(1)

"><img src=x onerror=alert(1)> javascript:alert(1)

Path Traversal

路径遍历

../../../etc/passwd ........\windows\win.ini

Command Injection

命令注入

; ls -la | cat /etc/passwd

whoami

undefined

; ls -la | cat /etc/passwd

whoami

undefined

Request Modification Tips

请求修改技巧

Right-click for context menu options
Use decoder for encoding/decoding
Compare requests using Comparer tool
Save interesting requests to project

右键点击打开上下文菜单选项
使用解码器进行编码/解码
使用Comparer工具对比请求
将感兴趣的请求保存至项目

Constraints and Guardrails

约束与防护规则

Operational Boundaries

操作边界

Test only authorized applications
Configure scope to prevent accidental out-of-scope testing
Rate-limit scans to avoid denial of service
Document all findings and actions

仅测试经过授权的应用
配置测试范围以避免意外测试范围外的站点
限制扫描速率以避免拒绝服务（DoS）
记录所有发现和操作

Technical Limitations

技术限制

Community Edition lacks automated scanner
Some sites may block proxy traffic
HSTS/certificate pinning may require additional configuration
Heavy scanning may trigger WAF blocks

社区版缺少自动化扫描器
部分站点可能会阻止代理流量
HSTS/证书固定可能需要额外配置
深度扫描可能会触发WAF拦截

Best Practices

最佳实践

Always set target scope before extensive testing
Use Burp's browser for reliable interception
Save project regularly to preserve work
Review scan results manually for false positives

在进行大量测试前务必设置目标范围
使用Burp内置浏览器以确保可靠的拦截
定期保存项目以保留工作成果
手动复查扫描结果以排除误报

Examples

示例

Example 1: Business Logic Testing

示例1：业务逻辑测试

Scenario: E-commerce price manipulation

Add item to cart normally, intercept request
Identify
```
price=9999
```
parameter in POST body
Modify to
```
price=1
```
Forward request
Complete checkout at manipulated price

Finding: Server trusts client-provided price values.

场景：电商平台价格篡改

正常将商品添加至购物车，拦截请求
在POST主体中找到
```
price=9999
```
参数
修改为
```
price=1
```
转发请求
以修改后的价格完成结账

发现：服务器信任客户端提供的价格值。

Example 2: Authentication Bypass

示例2：认证绕过

Scenario: Testing login form

Submit valid credentials, capture request in Repeater
Send to Repeater for testing
Try:
```
username=admin' OR '1'='1'--
```
Observe successful login response

Finding: SQL injection in authentication.

场景：测试登录表单

提交有效凭据，在Repeater中捕获请求
将请求发送至Repeater进行测试
尝试：
```
username=admin' OR '1'='1'--
```
观察到成功登录的响应

发现：认证功能存在SQL注入漏洞。

Example 3: Information Disclosure

示例3：信息泄露

Scenario: Error-based information gathering

Navigate to product page, observe
```
productId
```
parameter
Send request to Repeater
Change
```
productId=1
```
to
```
productId=test
```
Observe verbose error revealing framework version

Finding: Apache Struts 2.5.12 disclosed in stack trace.

场景：基于错误的信息收集

导航至商品页面，观察
```
productId
```
参数
将请求发送至Repeater
将
```
productId=1
```
修改为
```
productId=test
```
观察到暴露框架版本的详细错误信息

发现：堆栈跟踪中泄露了Apache Struts 2.5.12版本信息。

Troubleshooting

故障排除

Browser Not Connecting Through Proxy

浏览器无法通过Proxy连接

Verify proxy listener is active (Proxy > Options)
Check browser proxy settings point to 127.0.0.1:8080
Ensure no firewall blocking local connections
Use Burp's embedded browser for reliable setup

验证代理监听器是否处于活动状态（Proxy > Options）
检查浏览器代理设置是否指向127.0.0.1:8080
确保没有防火墙阻止本地连接
使用Burp内置浏览器以获得可靠的配置

HTTPS Interception Failing

HTTPS拦截失败

Install Burp CA certificate in browser/system
Navigate to http://burp to download certificate
Add certificate to trusted roots
Restart browser after installation

在浏览器/系统中安装Burp CA证书
访问http://burp下载证书
将证书添加至受信任根证书列表
安装后重启浏览器

Slow Performance

性能缓慢

Limit scope to reduce processing
Disable unnecessary extensions
Increase Java heap size in startup options
Close unused Burp tabs and features

限制测试范围以减少处理量
禁用不必要的扩展
在启动选项中增加Java堆内存
关闭未使用的Burp标签页和功能

Requests Not Being Intercepted

请求未被拦截

Verify "Intercept on" is enabled
Check intercept rules aren't filtering target
Ensure browser is using Burp proxy
Verify target isn't using unsupported protocol

确认“Intercept on”已启用
检查拦截规则是否过滤了目标请求
确保浏览器正在使用Burp代理
验证目标站点未使用不支持的协议

When to Use

使用场景

This skill is applicable to execute the workflow or actions described in the overview.

当需要执行本概述中描述的流程或操作时，适用本技能。