无需验证也可以重置邮箱账户密码？BurpSuite抓包学习一下

作者：FancyPig | 发布时间：2022-01-28 23:09:47 | 更新时间：2023-02-05 17:19:22

杂谈

上一期我们其实在讨论盗号相关的话题时，就讲过BurpSuite抓包中的Repeater功能，可以在拦截包之后，重新修改请求（当然，你也可以通过浏览器的hackbar插件）今天同样是Repeater功能，带大家来体验下，在存在漏洞的网站中，如何拦截发送邮件的目的地址，从而让用户的邮箱账户重置链接发送到黑客的邮箱系统中

视频讲解

其他玩法

BurpSuite在视频中是通过Kali打开的，我们还可以在Windows系统下打开，浏览器可以使用FoxyProxy插件，会方便我们调整代理端口以及正常使用浏览器。之前的渗透测试课程中也专门讲解过

第3节课 03.2 2 基于表单的暴力破解实验演示及burpsute使用介绍

data-postsbox="{"id":4016,"title":"【视频教程】web安全从入门到“放弃” pikachu靶场实战攻略","author":"FancyPig","author_id":1,"cover_image":"","cover_video":"","views":4654,"comment_count":235,"category":"lsources","is_forum_post":false}">{"id":4016,"title":"【视频教程】web安全从入门到“放弃” pikachu靶场实战攻略","author":"FancyPig","author_id":1,"cover_image":"","cover_video":"","views":4654,"comment_count":235,"category":"lsources","is_forum_post":false}

第20节 7.2-使用kali下BurpSuite对discuz后台注入php木马

data-postsbox="{"id":3499,"title":"【在线学习】2021年零基础安全渗透实战系列","author":"Sec-Labs","author_id":10015,"cover_image":"","cover_video":"","views":8843,"comment_count":456,"category":"cybersecurity","is_forum_post":false}">{"id":3499,"title":"【在线学习】2021年零基础安全渗透实战系列","author":"Sec-Labs","author_id":10015,"cover_image":"","cover_video":"","views":8843,"comment_count":456,"category":"cybersecurity","is_forum_post":false}

通过BurpSuite修改包完成SQL注入登录后台

data-postsbox="{"id":4189,"title":"【视频学习】如何使用burpsuite配合sql注入黑掉网站后台","author":"FancyPig","author_id":1,"cover_image":"","cover_video":"","views":3337,"comment_count":136,"category":"cybersecurity","is_forum_post":false}">{"id":4189,"title":"【视频学习】如何使用burpsuite配合sql注入黑掉网站后台","author":"FancyPig","author_id":1,"cover_image":"","cover_video":"","views":3337,"comment_count":136,"category":"cybersecurity","is_forum_post":false}

标签：burpsuite, burpsuite是什么工具, burpsuite爆破密码, burpsuite破解版, burpsuite repeater功能, burpsuite repeater, burpsuite破解版安装教程

无需验证也可以重置邮箱账户密码？BurpSuite抓包学习一下

相关工具

杂谈

视频讲解

其他玩法