我正在尝试在网络安全课程中进行黑客练习。但是,我坚持理解如何使用 Burp Suite。
这是原始数据:
GET /ekohshahrabohpha/cgi-bin/users.php HTTP/1.1
Host: 134.219.148.11:61166
Connection: close
Accept: */*
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/601.4.4 (KHTML, like Gecko) Version/9.0.3 Safari/601.4.4
Accept-Language: en-us
Referer: http://134.219.148.11:61166/ekohshahrabohpha/
Accept-Encoding: gzip, deflate
这是标头 - 如何编辑标头以包含一些 bash 命令注入以访问以下 URL?
GET /ekohshahrabohpha/ HTTP/1.1
Host 134.219.148.11:61166
Accept-Encoding gzip, deflate
User-Agent Mozilla/5.0(Macintosh; Intel Mac OS X ... )
Accept-Language en-us
Cache-Control max-age=0
Connection close
我试图破解的IP地址是:134.219.148.11.61166
当我打破它时,我会得到一个新的IP地址。
下面是页面的源代码。
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Level 2</title>
<link href="http://netdna.bootstrapcdn.com/bootstrap/3.0.0/css/bootstrap.min.css" rel="stylesheet">
<link href="http://netdna.bootstrapcdn.com/bootstrap/3.0.0/css/bootstrap-theme.min.css" rel="stylesheet">
<link href="site.css" rel="stylesheet">
</head>
<body>
<div class="container">
<div class="page-header">
<h1>Level 2</h1>
<p class="lead">
<h2>Active Users</h2>
</p>
</div>
<div id="userlist">
<pre>Checking for users...</pre>
</div>
</div>
<script language="JavaScript">
var http_request = false;
function getusers() {
if (window.XMLHttpRequest) { // non IE
http_request = new XMLHttpRequest();
}
else if (window.ActiveXObject) { //
try {
http_request = new ActiveXObject("Microsoft.XMLHTTP");
}
catch (error) {}
}
if (!http_request) {
alert('Cannot create XML HTTP instance');
return false;
}
http_request.onreadystatechange = stateManager;
var myurl = "cgi-bin/users.php";
var f = document.getElementById("filter");
if (f != null) {
if (f.value != '') {
myurl = myurl + "?filter=" + f.value;
}
}
http_request.open("GET", myurl, true);
http_request.send(null);
}
function stateManager() {
if (http_request.readyState == 4) {
if (http_request.status == 200) {
updatepage(http_request.responseText);
} else {
alert('There was a problem with the request.');
}
}
}
function updatepage(str) {
document.getElementById("userlist").innerHTML = str;
}
setTimeout("getusers()", 5000);
</script>
</body>
</html>