Shulou(Shulou.com)06/03 Report--

This article mainly shows you "VMware, nmap, burpsuite how to install", the content is easy to understand, clear, hope to help you solve your doubts, the following let the editor lead you to study and learn "VMware, nmap, burpsuite how to install" this article.

VMware BurpSuite

Download the cracked version of VMware,BurpSuite at:

Http://xiazai.jb51.net/202109/yuanma/vmware-workstation_jb51.rar

VMware,BurpSuite activation code:

Just activate the F71R-DMX85-08DQY-8YMNC-PPHV8 activation code directly.

I. installation and use of virtual machine images and VMware

Virtual machine is a technology that simulates computer software and hardware environment through software.

VMware Workstation is a widely used virtual machine software at present.

II. Installation and use of nmap in virtual machines

Port scanning can not only be used by hackers, but also a necessary tool for network security workers. Through the scanning of the port, we can understand the loopholes in the website and the opening of the port. It has an indispensable contribution to website security. At present, the main port scanning tools on the market are X_Scan, SuperScan and nmap, among which nmap is the main push here.

1.nmap includes four basic functions:

Host Discovery (Host Discovery) Port scan (Port Scanning) version Detection (Version Detection) operating system Detection (Operating System Detection)

2.nmap command usage:

# nmap [scan Type] [option] {Target description}

Common options for 3.nmap:

Scan option name function

-g specifies the source port to send packets using a specific source port

-spoofmac Mac spoofs to create fake mac and randomize mac addresses

-S source Ip address spoofing source IP, or specifying source IP

-e Select the network port to select the network port to send and receive data

-F Quick scan the default scan in the namp-services file is reduced to 100 ports

-p determine the port range and select the scan port

-N NDS parsing executes reverse lookup

-R reverse lookup force reverse lookup

-A radical enables many scanning options, such as version scanning and script scanning (with caution)

Common scan types of 4.nmap

Scan type name function

-sA ACK scan to check whether the port is open, which can be used to detect firewalls

-sP Ping scan to quickly discover the network

-sR PRC scan to locate the PRC, and record the machine that was successfully scanned

-sS TCP SYN scan fast and covert scan, semi-open scan

-sU UDP scan to determine if a specific UDP port is open

-sX XMAS scan covert scan, scan a specific configuration of the firewall

-sL list scanning objects list the IP to be scanned, use the-n option to ensure that no packets are sent to the network

-sO IP protocol scan for hosts using IP protocol

-sM FIN/ACK covert scanning, suitable for unix systems. Find RST packet

-sI idle scan zombie host scan, very hidden

5. Output format

Output format name function

-oA all searchable, regular, and XML files

-retrievable format that can be retrieved by oG

-oX XML XML format

-oN regular format, suitable for people to read

III. Java environment configuration and burpsuite installation and use

Burp Suite is an integrated platform for attacking web applications. It is mainly used for security penetration testing. The tools in it:

1.Target (target)-A function that displays the structure of the target directory

2.Proxy (proxy)-A proxy server that intercepts HTTP/S and acts as an intermediary between the browser and the target application, allowing you to intercept, view, and modify the original data flow in both directions.

3.Spider (crawler)-is a web crawler that applies intelligence, which can fully enumerate the content and functions of the application.

4.Scanner (Scanner) [Professional version only]-is an advanced tool that automatically discovers security vulnerabilities in web applications after execution.

5.Intruder (intrusion)-is a customized, highly configurable tool to automate attacks on web applications, such as enumerating identifiers, collecting useful data, and using fuzzing technology to detect general vulnerabilities.

6.Repeater (repeater)-A tool that reissues individual HTTP requests manually and analyzes the application response.

7.Sequencer (session)-is a tool for analyzing the randomness of unpredictable application session tokens and important data items.

8.Decoder (Decoder)-is a tool for manual execution or intelligent decoding and encoding of application data.

9.Comparer (compare)-is a practical tool, usually through some related requests and responses to get a visual "difference" between the two pieces of data.

10.Extender-allows you to load Burp Suite extensions and use your own or third-party code to extend the functionality of Burp Suit.

11.Options (Settings)-some settings for Burp Suite

Packet capture process:

1. First of all, you need to open the IE browser, find the tools, click the Internet option, and set the browser proxy address to 127.0.0.1 and port 8080.

2.. Then open burpsuite to make sure that the proxy address set is the same as the browser.

3. Then open the browser and you will see that all the open web browsing records have passed through burpsuite.

4. When Intercept is on, the intercept feature is enabled.

5. Where the site can be entered, such as search, type "2015", turn on the burpsuite intercept function, you can see the post request, and the last side is the submitted data.

6. Right-select send to repeater or shortcut key ctrl+r to intercept the data packet into the repeater item, directly modify the data, click go to submit, then the response data is the modified page and information.

The above is all the contents of the article "how to install VMware, nmap and burpsuite". Thank you for reading! I believe we all have a certain understanding, hope to share the content to help you, if you want to learn more knowledge, welcome to follow the industry information channel!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.