研究 学院 beplay2018官网
bepaly下载网址 bepaly下载官网 关于 博客 职业 合法的 接触 经销商

专业的社区

Burp Clickbandit

  • 最近更新时间:2022年5月6日

  • 阅读时间:2分钟

burp clickbandit是生成点击夹克攻击的工具。当您找到了可能容易受到点击夹克的网页时,您可beplay体育能用吗以使用burp clickbandit创建攻击,并确认可以成功利用漏洞。

This documentation covers the following areas:

笔记

Exercise caution when running Burp Clickbandit on untrusted beplay体育能用吗websites. Malicious JavaScript from the target site can subvert the HTML output that is generated by Burp Clickbandit.

Running Burp Clickbandit

Burp Clickbandit runs in your browser using JavaScript. It works on all modern browsers except for Microsoft IE and Edge.

To run Clickbandit, go to the Burp menu and selectBurp Clickbandit。Then use the following steps:

  1. 点击Copy Clickbandit to clipboard按钮。This will copy the Clickbandit script to your clipboard.
  2. In your browser, visit the beplay体育能用吗web page that you want to test, in the usual way.
  3. 在您的浏览器中,打开Web开发人员控制台。beplay体育能用吗这也可以称为开发者工具或者JavaScript console
  4. Paste the Clickbandit script into the beplay体育能用吗web developer console, and press enter.

The Burp Clickbandit banner will appear at the top of the browser window and the original page will be reloaded within a frame, ready for the attack to be performed.

Record mode

Burp Clickbandit first loads in record mode.点击开始to load the site. Perform one or more mouse clicks to record your点击劫机攻击。Typically, this will involve performing the mouse clicks that the victim user needs to perform to carry out some desired action.

By default, as clicks are recorded, they are also handled in the normal way by the target page.您可以使用Disable click actionscheckbox to record clicks without the target page handling them.

You can click theSandbox iframecheckbox to add the sandbox attribute to the iframe. This option will allow you to avoid frame busters.

完成录制后,单击结束button to enter review mode.

评论模式

录制攻击后,Burp clickbandit进入审核模式。这使您可以查看生成的攻击,并在原始页面UI上覆盖攻击UI。您可以单击攻击UI上的按钮以验证攻击是否有效。

The following commands are available in review mode:

  • +和 - 按钮可用于放大和输出。
  • Toggle transparencybutton lets you show or hide the original page UI.
  • 重启button restores the generated attack, as it was before any further clicks were made.
  • 节省button saves an HTML file containing the attack. This can be used as a real-world exploit of the clickjacking vulnerability.
  • You can use the keyboard arrow keys to reposition the attack UI if is not correctly aligned with the original page UI.