Author: Bob Jiang
Date: 8/8/2023
Introduction
This is a note about how to test a website using Burp Suite (Community edition) in a UAT WiFi environment, based on the OWASP Top 10 and the WSTG.
- Reference[1]: portswigger.net/support/usi…
- Reference[2]: owasp.org/www-project…
WiFi Connection
Connect to the UAT WiFi
- Proxy in Settings of PC (Manual proxy setup):
  - Turn on
  - Port: 8081
  - Address: 127.0.0.1
- Burp Suite upstream proxy servers:
  - Destination host: *
  - Auth type: None
  - Upstream (10.190.127.1:16220)
- Burp Suite settings:
  - Turn on
  - Address: 127.0.0.1
  - Bind to address: All interfaces*
  - Port: 8080
Please check every time by clicking "Edit".
Normally use 8081 instead of 8080 (to avoid the case where port 8080 is already occupied).
Port 8080 is used for WWW proxy services and enables web browsing.
127.0.0.1 equals localhost; localhost corresponds to the local machine's IP address, which by default is 127.0.0.1.
Disconnect from the UAT WiFi
- Shut down Burp before disconnecting from the UAT WiFi
- Remember to turn off the manual proxy setup
Testing
SQL injection testing
- HTTP data injection
- For test cases, please refer to SQL injection payloads.
- Turn on Intercept and load the HTTP request.
- Right-click and send the request you want to test to Intruder.
- Navigate to Intruder and select the content you want to inject by adding $$ around it.
- Paste the injection payload or load the test file and start the attack.
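The Intruder run above, modelled as an added example (not code from the original note): the $$ position in a constructed request is filled from a tiny constructed payload list and sent to two in-memory SQLite handlers, the concatenating one the test is meant to catch and the parameterized fix, so that a developer can see why the same payload run reports anomalies for the first and none for the second. The request, host name, table and payloads are all assumptions made up for the example.

```python
import re
import sqlite3
from urllib.parse import quote, unquote

# Constructed sample request as captured by Intercept, with the Intruder payload
# position marked the way the note describes: $$ around the value to replace.
REQUEST_TEMPLATE = "GET /item?id=$$1$$ HTTP/1.1\r\nHost: uat.example.test\r\n\r\n"
# Constructed, deliberately tiny payload list; the note loads a full list from a file.
PAYLOADS = ["1", "1'", "1 OR 1=1", "1 AND 1=2"]
CONTROL = "999"  # benign id that does not exist: the "no rows" reference response

def substitute(template: str, payload: str) -> str:
    """Put the URL-encoded payload into the $$...$$ position (sniper attack, one position)."""
    return re.sub(r"\$\$.*?\$\$", lambda _: quote(payload, safe=""), template, count=1)

def query_param(request: str, name: str) -> str:
    """Read one query-string value from the request line, as the application would."""
    m = re.search(r"[?&]" + re.escape(name) + r"=([^ &]*)", request)
    return unquote(m.group(1)) if m else ""

def make_db() -> sqlite3.Connection:
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE item (id INTEGER, name TEXT)")
    db.executemany("INSERT INTO item VALUES (?, ?)", [(1, "a"), (2, "b"), (3, "c")])
    return db

def handler_concat(db: sqlite3.Connection, request: str) -> tuple:
    """Vulnerable handler: the id is pasted into the SQL text (the 'before' of the fix)."""
    try:
        sql = "SELECT name FROM item WHERE id = " + query_param(request, "id")
        return 200, len(db.execute(sql).fetchall())  # (status, number of rows)
    except sqlite3.Error:
        return 500, 0

def handler_param(db: sqlite3.Connection, request: str) -> tuple:
    """Hardened handler: the id travels as a bound parameter, never as SQL text."""
    sql = "SELECT name FROM item WHERE id = ?"
    return 200, len(db.execute(sql, (query_param(request, "id"),)).fetchall())

def run_positions_attack(handler, payloads=PAYLOADS, template=REQUEST_TEMPLATE) -> dict:
    """Send each payload in the marked position; report responses that match neither the
    valid-id baseline nor the unknown-id control, i.e. behaviour only injection explains."""
    db = make_db()
    expected = {handler(db, substitute(template, payloads[0])),
                handler(db, substitute(template, CONTROL))}
    results = {p: handler(db, substitute(template, p)) for p in payloads}
    return {p: r for p, r in results.items() if r not in expected}

if __name__ == "__main__":
    print("concat:", run_positions_attack(handler_concat), "param:", run_positions_attack(handler_param))
```

The concatenating handler shows a 500 for the unbalanced quote and three rows for the tautology; the parameterized handler answers every payload exactly like an unknown id, which is the result a retest after the fix should show.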