Burp Suite is an intercepting HTTP/HTTPS proxy and web application security testing toolkit. Download the Community Edition from https://portswigger.net/burp/communitydownload
{{pasted:20260309-120531.png?720}}
Run the installer.

An AI-analysis extension for it, DeepSeek-Pentest-AI, is available at https://github.com/HernanRodriguez1/DeepSeek-Pentest-AI/
{{pasted:20260309-120554.png?720}}
Download it and keep it for later. Caveat: an AI-analysis extension sends the captured requests and responses to the model provider's API, so only use it on traffic you are authorized to share with a third party (and never on captured credentials or session tokens you are not allowed to disclose).

Burp's Python extensions run on Jython. Download it from https://www.jython.org/download
{{pasted:20260309-120628.png?720}}
Download the standalone JAR and keep it for later.

Go to Settings → Extensions → Python environment and set the path to the Jython standalone JAR.
{{pasted:20260309-120753.png?720}}
{{pasted:20260309-120845.png?720}}

Go to Settings → Extensions → Add, choose extension type Python and select the downloaded extension file.
{{pasted:20260309-120929.png?720}}

Install the FoxyProxy extension in Google Chrome.
{{pasted:20260309-123404.png?720}}
Click the FoxyProxy icon → Options → Add
{{pasted:20260309-123459.png?720}}
- Title: Burp
- Type: HTTP
- Hostname: 127.0.0.1
- Port: 8080
{{pasted:20260309-123523.png?720}}
These values must match Burp's proxy listener (Settings → Tools → Proxy → Proxy listeners; the default listener is 127.0.0.1:8080). Save, then click the FoxyProxy icon and select "Burp" to enable the proxy.
{{pasted:20260309-123553.png}}

Install Burp's CA certificate (required to intercept HTTPS). With the proxy enabled, browse to http://burpsuite (or http://127.0.0.1:8080) and click "CA Certificate" to download cacert.der.
{{pasted:20260309-123922.png?720}}
Import the certificate into the browser. Chrome: Settings → Privacy and security → Security → Manage device certificates → Import → Trusted Root Certification Authorities.
{{pasted:20260309-124017.png?720}}
{{pasted:20260309-124054.png?720}}
{{pasted:20260309-124114.png?720}}
{{pasted:20260309-124131.png}}
{{pasted:20260309-124141.png}}
Once imported, the browser trusts every certificate Burp forges for intercepted sites, so install it only in a testing profile or VM and remove it when the engagement is over.

Go to Dashboard → New live task to create a task. Note that live audit (active scanning) is a Burp Suite Professional feature; in the Community Edition a live task can only passively crawl the traffic passing through the proxy.
{{pasted:20260309-125127.png}}
Go to Target → Site map → Open browser
{{pasted:20260309-124545.png?720}}
Open the site under test.
{{pasted:20260309-125516.png?720}}
Open the Proxy tab (View → Proxy).
{{pasted:20260309-134552.png}}
Go to Proxy → Intercept and click "Intercept is off" to turn interception on.
{{pasted:20260309-134544.png}}
Open the browser and enter the URL.
{{pasted:20260309-134640.png}}
{{pasted:20260309-134706.png}}
Each intercepted request is held in Burp; click Forward to release it and let the browser proceed.
{{pasted:20260309-135211.png}}
Interact with the page, clicking Forward for each request.
Click HTTP history to see the API calls made while browsing. In this case some of the site's JSON configuration is served to anonymous visitors (no login required), which should be hardened.
{{pasted:20260309-135051.png?720}}

Further learning resources:
https://portswigger.net/web-security
{{pasted:20260309-135446.png}}
https://bbs.kanxue.com/
https://xz.aliyun.com/news
https://www.freebuf.com/
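The finding above (JSON configuration served to visitors who are not logged in) is easy to spot once in HTTP history, but on a large history it is worth automating. The script below is an added example written for this page; it is not code from Burp Suite or from the DeepSeek-Pentest-AI extension. It assumes the input is the XML that Burp writes from Proxy → HTTP history → right-click → "Save items" with base64 encoding enabled (an `<items>` element of `<item>` elements, each with a `<url>` and base64 `<request>`/`<response>`); the sample export, hostnames and key names embedded in it are constructed for the example. It reports every JSON response returned to a request that carried no Cookie or Authorization header, and lists keys inside the JSON whose names suggest a secret.

```python
"""Triage a Burp Proxy-history export for JSON served without client credentials.

Added example for this page (not Burp's or the extension's own code).
Assumption: input is Burp's "Save items" XML with base64-encoded
request/response.  SAMPLE_EXPORT below is constructed, not captured.
"""
import base64
import json
import xml.etree.ElementTree as ET

# Key-name fragments an anonymous visitor should normally not be shown.
SENSITIVE_MARKERS = ("key", "secret", "token", "password", "dsn")
CREDENTIAL_HEADERS = ("cookie", "authorization")
CRLF = "\r\n"


def _b64(text: str) -> str:
    return base64.b64encode(text.encode()).decode()


def _item(url: str, request: str, response: str) -> str:
    """One <item> in the assumed 'Save items' layout."""
    return ("<item><url><![CDATA[" + url + "]]></url>"
            '<request base64="true"><![CDATA[' + _b64(request) + "]]></request>"
            '<response base64="true"><![CDATA[' + _b64(response) + "]]></response>"
            "</item>")


JSON_HDR = "HTTP/1.1 200 OK" + CRLF + "Content-Type: application/json" + CRLF + CRLF
HTML_HDR = "HTTP/1.1 200 OK" + CRLF + "Content-Type: text/html" + CRLF + CRLF

# Constructed sample: a config leak, a public health endpoint,
# an authenticated API call, and an HTML page.
SAMPLE_EXPORT = '<?xml version="1.0"?><items>' + "".join([
    _item("https://app.example/static/config.json",
          "GET /static/config.json HTTP/1.1" + CRLF + "Host: app.example" + CRLF + CRLF,
          JSON_HDR + json.dumps({"apiBase": "https://api.example",
                                 "mapsApiKey": "AIza-constructed",
                                 "features": {"beta": True}})),
    _item("https://app.example/api/health",
          "GET /api/health HTTP/1.1" + CRLF + "Host: app.example" + CRLF + CRLF,
          JSON_HDR + json.dumps({"status": "ok"})),
    _item("https://app.example/api/me",
          "GET /api/me HTTP/1.1" + CRLF + "Host: app.example" + CRLF
          + "Cookie: session=constructed" + CRLF + CRLF,
          JSON_HDR + json.dumps({"user": "alice", "refreshToken": "constructed"})),
    _item("https://app.example/",
          "GET / HTTP/1.1" + CRLF + "Host: app.example" + CRLF + CRLF,
          HTML_HDR + "<html></html>"),
]) + "</items>"


def _split_message(raw: str):
    """Return (lower-cased header dict, body) for one raw HTTP message."""
    head, _, body = raw.partition(CRLF + CRLF)
    headers = {}
    for line in head.split(CRLF)[1:]:          # skip the request/status line
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers, body


def _sensitive_keys(obj, found=None):
    """Collect JSON keys that look secret, recursing into objects and arrays."""
    if found is None:
        found = []
    if isinstance(obj, dict):
        for key, value in obj.items():
            if any(m in key.lower() for m in SENSITIVE_MARKERS):
                found.append(key)
            _sensitive_keys(value, found)
    elif isinstance(obj, list):
        for value in obj:
            _sensitive_keys(value, found)
    return found


def find_unauthenticated_json(export_xml: str):
    """JSON responses returned to requests with no Cookie/Authorization header.

    Each finding is {"url": ..., "sensitive_keys": [...]}; an empty list means
    public JSON with nothing secret-looking in it.
    """
    findings = []
    for item in ET.fromstring(export_xml).iter("item"):
        req_el, resp_el = item.find("request"), item.find("response")
        if req_el is None or resp_el is None:
            continue
        req_raw = base64.b64decode(req_el.text or "").decode(errors="replace")
        resp_raw = base64.b64decode(resp_el.text or "").decode(errors="replace")
        req_headers, _ = _split_message(req_raw)
        resp_headers, body = _split_message(resp_raw)
        if any(h in req_headers for h in CREDENTIAL_HEADERS):
            continue                            # client sent credentials
        if "json" not in resp_headers.get("content-type", ""):
            continue
        try:
            data = json.loads(body)
        except ValueError:
            continue                            # declared JSON but not parseable
        findings.append({"url": item.findtext("url"),
                         "sensitive_keys": _sensitive_keys(data)})
    return findings


if __name__ == "__main__":
    for f in find_unauthenticated_json(SAMPLE_EXPORT):
        print("SENSITIVE" if f["sensitive_keys"] else "public", f["url"], f["sensitive_keys"])
```

Run it against a real export by replacing `SAMPLE_EXPORT` with the file contents. Absence of a Cookie/Authorization header is only a heuristic for "anonymous": an API that authenticates through a custom header or a query parameter will show up as public, so confirm each hit by replaying the request without credentials in Repeater before reporting it.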