Burpsuite Extender Apply in Vulnerability Scanning

doi:10.3969/j.issn.1671-1122.2016.09.019

Abstract

Abstract:

Burpsuite is a world-renowned leading integrated platform of Web attack, and the platform includes web proxy, web crawler, scanner, automated attack, decoder, repeater and so on.It supports writing custom plugins to extend Burpsuit. In this paper, the work method of Burpsuite tool is studied in depth, and the new method and function of Burpsuite tool is excavated. From the perspective of web security testing, as an example of the popular struts security vulnerabilities, we give full play to the advantages of Burpsuite tools and write a number of Struts vulnerability detection tools.By Burpsuite tool platform,we realize automation Struts vulnerability detection ,identification, and join the coding distortion, to bypass the web application firewall protection means test. And it will play an important role in the safety testing.

Key words: Bupsuite, vulnerability scanning, information security

CLC Number:

TP309

Shiyuan YU, Yutian WANG, Xin LIU. Burpsuite Extender Apply in Vulnerability Scanning[J]. Netinfo Security, 2016, 16(9): 94-97.

References 9

[1]	廖文军,朱晓乾,万开.浅析Struts2两个安全漏洞的原理、利用与防范[J].电子测试,2014(20):61-63.
[2]	韦鲲鹏,葛志辉,杨波 . PHP Web应用程序上传漏洞的攻防研究[J]. 信息网络安全,2015(10):53-60.
[3]	郑先伟. ApacheStruts2Web应用框架再现严重安全漏洞[J].中国教育网络, 2013(6):48.
[4]	叶嘉羲,张权,王剑. 基于权限控制和脚本检测的Webview漏洞防护方案研究[J]. 信息网络安全,2015(3):38-43.
[5]	赵星. 网站暴力破解攻击及防御措施[J].山西电子技术,2016(1):52-54.
[6]	朱圣才,徐御,王火剑. 常见源代码安全漏洞分析与研究[J]. 信息网络安全,2014(2):48-52.
[7]	Portswigger.Burpsuite官方文档[EB/OL].,2016-1-15.
[8]	孙哲,刘大光,武学礼,等. 基于模糊测试的网络协议自动化漏洞挖掘工具设计与实现[J]. 信息网络安全,2014(6):23-30.
[9]	何成万,余秋惠. MVC模型2及软件框架Struts的研究[J].计算机工程,2002,28(6):274-275.

[1]	Yihua ZHOU, Zhuqing LV, Yuguang YANG, Weimin SHI. Data Deposit Management System Based on Blockchain Technology [J]. Netinfo Security, 2019, 19(8): 8-14.
[2]	Lin LI, Xuxia ZHANG. National Secret Substitution of zk-snark Bilinear Pair [J]. Netinfo Security, 2019, 19(10): 10-15.
[3]	Yan CHEN, Jianyong GE, Jing LAI, Zhen LU. Security System of the Information System in the Cloud [J]. Netinfo Security, 2018, 18(4): 79-86.
[4]	Congdong LV, Zhen HAN. A Security Model of Cloud Computing Based on IP Model [J]. Netinfo Security, 2018, 18(11): 27-32.
[5]	Baoyuan KANG, Jiaqiang WANG, Dongyang SHAO, Chunqing LI. A Secure Authentication and Key Agreement Protocol for Heterogeneous Ad Hoc Wireless Sensor Networks [J]. Netinfo Security, 2018, 18(1): 23-30.
[6]	Chunhua GU, Yuan GAO, Xiuxia TIAN. Security Optimized RBAC Access Control Model [J]. Netinfo Security, 2017, 17(5): 74-79.
[7]	Zhong LIANG, Jiakun ZHOU, Han ZHU, Bo CHEN. Research on Aggregation Technology for Information Security Knowledge Based on Security Ontology [J]. Netinfo Security, 2017, 17(4): 78-85.
[8]	Jingzhe ZHOU, Changsong CHEN. Analysis of Network Information Security in the Cloud Computing Architecture [J]. Netinfo Security, 2017, 17(11): 74-79.
[9]	Qi SU, Wei WANG, Yin LIU, Zhanpeng YU. Research on the Scheme of Information Security Protection in Electric Power Industry [J]. Netinfo Security, 2017, 17(11): 84-88.
[10]	Nana HUANG, Liang WAN, Xuankun DENG, Huifan YI. A Cross Site Script Vulnerability Detection Technology Based on Sequential Minimum Optimization Algorithm [J]. Netinfo Security, 2017, 17(10): 55-62.
[11]	Lei ZHANG, Dongsheng YU, Jun YANG, Jiming HU. Research on Information Security Supervision Strategy Based on Private Cloud Model [J]. Netinfo Security, 2017, 17(10): 86-89.
[12]	Yubin WANG, Si CHEN, Nan CHENG. Research on Industrial Control System Security Defense [J]. Netinfo Security, 2016, 16(9): 35-39.
[13]	Xin FU, Yuhua LU, Zijian SHAO. Research on Information Security Simulation Experimental Platform of Public Security Video Monitoring System [J]. Netinfo Security, 2016, 16(9): 56-59.
[14]	Tao LI, Chi ZHANG. Research on Network Security Risk Model Based on the Information Security Level Protection Standards [J]. Netinfo Security, 2016, 16(9): 177-183.
[15]	Xinyi HAN. Research on Network Information Security Regulation of Megalopolises [J]. Netinfo Security, 2016, 16(6): 74-80.