The feeling of really falling in love with a person is that no matter how nice someone else is, thanks to your appearance, enough to make me happy for a lifetime…

—- netease Cloud review

(1) Target, when we capture the packet, right click to send it to the Intruder module, which will automatically fill in the information

2. Set blasting mode, i.e., parameters

1. Sniper: Crack variables in sequence with only one dictionary

2. Battering ran: Hash variables at the same time with the same username and password and only one dictionary

3. Pitch fork: Each variable will have a dictionary, user name and password one by one, two dictionaries

4. Cluster bomb: Each variable will correspond to a dictionary, and intersection crack will try to match each combination, each user and each password, two dictionaries

5. Add blasting parameters, select parameters and click Add$

6. Clear blasting parameters, select the parameters and click Clear $

Loads loads to set the dictionary

1. Set blasting position and dictionary type, including:

Simple list: Simple dictionary

Runtime file: Indicates a running file

Custom iterator: a Custom iterator

Character Substitution: Character substitution

Recursive grep: Recursive search

Illegal Unicode: indicates Illegal characters

Character blocks: Character blocks

Numbers: a combination of Numbers

Dates: indicates the combination of Dates

Brute Forcer: Brute force cracking

Null payloads: empty content

Username generator: generates a Username

Copy other Payload: Copies other payload

2. Encode, encrypt, and intercept the payload before sending a request

Add Prefix: Adds a text Prefix

Add suffix: Add a word suffix

Match/replace: The regular expression that will replace the Match

Substring: Intercepts the length of the string starting from 0

Reverse SubString: Matches strings backwards

Modify case: Change the case of letters

Encode: Encode the payload by URL,HTML,Base64,ASCII, or hexadecimal string

Hash: Selects the Hash value of the payload, such as MD5 or SHA-512

Add raw payload: Adds the original payload to the encoded payload

Skip if matches regex: Skip if matches regex

Invoke Burp Extension: Invoke an Extension

Configure which payload characters should be URL-encoded

Four, set the number of blasting threads and request interval

5. Software download address

1. Public account reply: 20210531

2. Video Private message: 20210531

Illegal prohibition, at your own risk

Welcome to the public number: Web security tool library

Welcome to pay attention to the video number: it is also

This article uses the article synchronization assistant to synchronize