While evaluating Burp Community Edition, we noticed that Burp sends several HTTPS requests without validating the server certificate. Failing to validate the remote certificate allows a man-in-the-middle to intercept the communication and inject new data.
Check for updates
On startup, Burp sends an HTTPS request to https://[ip]/burp/Releases/CheckForUpdates. A normal response looks like the following:
```json
{
  "result": "update_available",
  "licenseId": "",
  "manualDownloadUrl": "/burp/communitydownload/",
  "autoDownloadUrl": "",
  "updates": [
    {
      "description": "Various bugfixes and enhancements",
      "builds": [
        {"installationType": "jar", "filename": "burpsuite_community_v1.7.34.jar", "fileSize": 26400457},
        {"installationType": "linux", "filename": "burpsuite_community_linux_v1_7_34.sh", "fileSize": 99994421},
        {"installationType": "macos", "filename": "burpsuite_community_macos_v1_7_34.dmg", "fileSize": 87343864},
        {"installationType": "win32", "filename": "burpsuite_community_windows-x86_v1_7_34.exe", "fileSize": 90715392},
        {"installationType": "win64", "filename": "burpsuite_community_windows-x64_v1_7_34.exe", "fileSize": 94483712}
      ],
      "productType": "community",
      "releaseNotesUrl": "http://releases.portswigger.net/2018/06/1734.html",
      "isStable": true,
      "version": "1.7.34",
      "eulaContent": "",
      "eulaSerialVersion": ""
    }
  ]
}
```
A man-in-the-middle can alter any of these fields; in particular, we found that placing a malicious URL in the description field is dangerous.
![Fake message injected into Burp's update panel](//www.yyueer.com/sites/drupal.dmz.tenablesecurity.com/files/files/advisory/burp-update-panel-fake-message.png)
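Because the update JSON can be rewritten in transit, a client should treat every field in it as untrusted before displaying or acting on it. The policy check below is an added example, not Burp's or PortSwigger's code; the allow-listed hosts, the filename pattern and the version format are assumptions chosen for illustration, and the tampered response is constructed.

```python
"""Policy check for a Burp-style update-check response before it is displayed.
Added example, not Burp's or PortSwigger's code. The allow-listed hosts,
filename pattern and version format are assumptions for illustration."""
import json
import re
from urllib.parse import urlparse

ALLOWED_HOSTS = {"portswigger.net", "releases.portswigger.net"}  # assumed allow-list
FILENAME_RE = re.compile(r"^burpsuite_community_[\w.-]+\.(jar|sh|dmg|exe)$")
VERSION_RE = re.compile(r"^\d+(\.\d+){1,3}$")
URL_OR_MARKUP_RE = re.compile(r"https?://|<[^>]+>", re.IGNORECASE)


def url_is_trusted(url, allow_relative):
    # Accept a site-relative path (if allowed) or an absolute URL on an allow-listed host.
    parts = urlparse(url)
    if not parts.scheme and not parts.netloc:
        return allow_relative and url.startswith("/")
    return parts.scheme in ("http", "https") and parts.hostname in ALLOWED_HOSTS


def validate_update_response(raw):
    """Return a list of policy violations; an empty list means the response may be shown."""
    data = json.loads(raw)
    problems = []
    for key in ("manualDownloadUrl", "autoDownloadUrl"):
        url = data.get(key, "")
        if url and not url_is_trusted(url, allow_relative=True):
            problems.append(f"{key}: untrusted URL {url!r}")
    for upd in data.get("updates", []):
        # A URL or markup inside free text is what a MitM would plant to lure a click.
        if URL_OR_MARKUP_RE.search(upd.get("description", "")):
            problems.append("description: contains a URL or markup")
        if not VERSION_RE.match(upd.get("version", "")):
            problems.append(f"version: unexpected format {upd.get('version')!r}")
        notes = upd.get("releaseNotesUrl", "")
        if notes and not url_is_trusted(notes, allow_relative=False):
            problems.append(f"releaseNotesUrl: untrusted URL {notes!r}")
        for build in upd.get("builds", []):
            if not FILENAME_RE.match(build.get("filename", "")):
                problems.append(f"filename: unexpected {build.get('filename')!r}")
    return problems


# Trimmed copy of the genuine response shown on the page.
GENUINE = ('{"result":"update_available","manualDownloadUrl":"/burp/communitydownload/",'
           '"autoDownloadUrl":"","updates":[{"description":"Various bugfixes and enhancements",'
           '"builds":[{"installationType":"jar","filename":"burpsuite_community_v1.7.34.jar"}],'
           '"releaseNotesUrl":"http://releases.portswigger.net/2018/06/1734.html","version":"1.7.34"}]}')
# Constructed tampered variant: a MitM plants a lure URL in the description field.
TAMPERED = GENUINE.replace("Various bugfixes and enhancements",
                           "Critical fix, download now from http://updates.example.invalid/burp.exe")
```

The genuine response passes cleanly, while the tampered one is rejected solely because of the planted URL; such a check limits the damage from a spoofed update server but is no substitute for validating the TLS certificate.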
Telemetry data
Burp sends telemetry data to https://[ip]/feedback/submit, again without validating the server certificate. A man-in-the-middle can extract the following client data:
```text
Version: 0
ProductType: Free
ProductVersion: 1.7.32
UniqueIdentifier: [removed]
Type: 4000
Version: 0
DebuggerPresent: false
JavaFX_support: true
file_encoding: Cp1252
java_runtime_name: Java(TM) SE Runtime Environment
java_runtime_version: 1.8.0_112-b15
java_specification_name: Java Platform API Specification
java_specification_vendor: Oracle Corporation
java_specification_version: 1.8
java_vendor: Oracle Corporation
java_version: 1.8.0_112
java_vm_info: mixed mode
java_vm_name: Java HotSpot(TM) 64-Bit Server VM
java_vm_specification_name: Java Virtual Machine Specification
java_vm_specification_vendor: Oracle Corporation
java_vm_specification_version: 1.8
java_vm_vendor: Oracle Corporation
java_vm_version: 25.112-b15
max_memory: 518,979,584
os_arch: amd64
os_name: Windows NT (unknown)
os_version: 10.0
sun_arch_data_model: 64
sun_cpu_endian: little
Type: 5000
Version: 0
FEATURE_TYPE: SUITE_PROCESS_BURP_LAUNCHED
TYPE: FEATURE_USE
```