
A penetration test of a certain app


ktnNinja


Let me introduce myself: I'm ktnNinja, a penetration testing trainee who has been practicing for two years~

This noob thinks app penetration testing is actually very similar to web testing. Apps have the same OWASP Top 10 vulnerabilities and middleware vulnerabilities, so when doing app penetration testing I'd still recommend that beginners follow a web pentesting mind map; it gives you a more complete understanding of the target and a more thorough test!

Of course, the old masters can do whatever they like (you're all better than me anyway)~

Since app and web penetration testing have so much in common, as said above, we're going to use the web pentesting tool of choice: BurpSuite!

About capturing app traffic:

Environment: Windows + 逍遥模拟器 (MEmu Android emulator) 7.1 + BurpSuite

Step 1: import the certificate, of course:

No more words, I'll just give you the link, I'm lazy: https://blog.csdn.net/Bul1et/article/details/83818380

Step 2: start capturing:

Configure the proxy and start capturing


Step 3: start capturing (mosaic throughout!!!):

Forgive my mosaic

With the proxy configured, after opening the app I found I could already see the app's packets. From them you can find the app's URL and IP address, and at this point everyone can do some information gathering, such as port scanning, subdomain brute-forcing, middleware identification, and so on (a good habit: always throw in an XSS payload with a closing delimiter; there's always something to find~).

When I was first learning penetration testing, my teacher told me: all data can be tested!

While capturing packets, I found that the app's "view personal information" page had a horizontal privilege escalation vulnerability!

So I used Burp's Intruder module to iterate over the id in that request
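The bug described above is an IDOR: the profile endpoint trusts whatever id the client sends, so one valid session can read every other user's profile. Below is an added example (my own illustration, not code from the original post or from the tested app) showing the vulnerable lookup beside the hardened one, plus a small log check that flags one session reading many different profile ids, which is exactly what an Intruder run looks like in the access log. The user table, session tokens, URL path and log format are all constructed assumptions.

```python
"""Added example: horizontal privilege escalation (IDOR) on a profile endpoint,
its fix, and a defender-side check over access-log lines.
All data below is constructed for the example; it is not the tested app's."""
import re
from collections import defaultdict

# Constructed user table and session tokens (assumption: token -> owning user id).
USERS = {
    1001: {"name": "alice", "phone": "138****0001"},
    1002: {"name": "bob", "phone": "139****0002"},
    1003: {"name": "carol", "phone": "137****0003"},
}
SESSIONS = {"tok-alice": 1001, "tok-bob": 1002}


class Unauthorized(Exception):
    """No valid session token."""


class Forbidden(Exception):
    """Valid session, but not the owner of the requested object."""


def get_profile_vulnerable(token, user_id):
    """The bug: authenticates the caller but never checks that the caller
    owns user_id, so any logged-in user can read any profile."""
    if token not in SESSIONS:
        raise Unauthorized()
    return USERS.get(user_id)


def get_profile_hardened(token, user_id):
    """The fix: object-level authorization. The owner is derived from the
    session, and the client-supplied id must match it."""
    if token not in SESSIONS:
        raise Unauthorized()
    caller = SESSIONS[token]
    if user_id != caller:
        raise Forbidden()
    return USERS.get(user_id)


def access_allowed(handler, token, user_id):
    """True if the handler returns a profile, False if it refuses."""
    try:
        return handler(token, user_id) is not None
    except (Unauthorized, Forbidden):
        return False


# Constructed access-log lines: "<timestamp> <session> GET /api/user/<id> <status>".
# tok-alice reads her own profile twice; tok-bob walks ids 1001..1008 (an
# Intruder-style enumeration) and gets a 404 on 1009.
LOG_LINES = (
    ["2024-01-01T10:00:00Z tok-alice GET /api/user/1001 200",
     "2024-01-01T10:00:05Z tok-alice GET /api/user/1001 200"]
    + [f"2024-01-01T10:01:{i:02d}Z tok-bob GET /api/user/{1000 + i} 200"
       for i in range(1, 9)]
    + ["2024-01-01T10:01:09Z tok-bob GET /api/user/1009 404"]
)

LOG_RE = re.compile(r"^(\S+) (\S+) GET /api/user/(\d+) (\d{3})$")


def find_id_enumeration(lines, threshold=5):
    """Return {session: sorted distinct ids} for every session that
    successfully read at least `threshold` distinct profile ids."""
    seen = defaultdict(set)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        _ts, session, uid, status = m.groups()
        if status == "200":          # only successful reads count
            seen[session].add(int(uid))
    return {s: sorted(ids) for s, ids in seen.items() if len(ids) >= threshold}


if __name__ == "__main__":
    print("vulnerable, bob reads alice:",
          access_allowed(get_profile_vulnerable, "tok-bob", 1001))
    print("hardened, bob reads alice:",
          access_allowed(get_profile_hardened, "tok-bob", 1001))
    print("enumeration suspects:", find_id_enumeration(LOG_LINES))
```

The fix is not "hide the id" but "never let the client choose the object": the owner comes from the session and the request is rejected when the two disagree. The log check is a coarse but useful signal; in a real deployment the threshold and window would be tuned, and a 403 spike from the hardened handler would be an equally good alert.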


What happened after that is simple: submit the vulnerability report, or.....
