Setting Up the Essentials: A Browser and a Proxy
Next, you need a web browser and a web proxy. You’ll use the browser to examine the features of a target application. I recommend using Firefox, since it’s the simplest to set up with a proxy. You can also use two different browsers when hacking: one for browsing the target, and one for researching vulnerabilities on the internet. This way, you can easily isolate the traffic of your target application for further examination.
A proxy is software that sits between a client and a server; in this case, it sits between your browser and the web servers you interact with. It intercepts your requests before passing them to the server, and intercepts the server’s responses before passing them to you, like this:
Browser <--------------> Proxy <--------------> Server
Using a proxy is essential in bug bounty hunting. Proxies enable you to view and modify the requests going out to the server and the responses coming into your browser, as I’ll explain later in this chapter. Without a proxy, the browser and the server would exchange messages automatically, without your knowledge, and the only thing you would see is the final resulting web page. A proxy will instead capture all messages before they travel to their intended recipient.
Proxies therefore allow you to perform recon by examining and analyzing the traffic going to and from the server. They also let you examine interesting requests to look for potential vulnerabilities and exploit these vulnerabilities by tampering with requests.
For example, let’s say that you visit your email inbox and intercept the request that will return your email with a proxy. It’s a GET request to a URL that contains your user ID. You also notice that a cookie with your user ID is included in the request:
GET /emails/USER_ID HTTP/1.1
Host: example.com
Cookie: user_id=USER_ID
In this case, you can try to change the USER_ID in the URL and the Cookie header to another user’s ID and see if you can access another user’s email.
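As an added example (not code from the book), here is why that tampering works and what the server must do to stop it: a parser for the raw request shown above, a handler that trusts the client-supplied USER_ID, and a hardened handler that derives the user from a server-side session lookup instead. The session store, token and user IDs are constructed for the example.

```python
from http.cookies import SimpleCookie

def parse_request(raw: str) -> dict:
    """Parse a raw HTTP/1.1 request, as seen in the proxy, into its parts."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    method, path, version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        if line:
            name, _, value = line.partition(":")
            headers[name.strip().lower()] = value.strip()
    cookies = SimpleCookie()
    cookies.load(headers.get("cookie", ""))
    return {"method": method, "path": path, "headers": headers,
            "cookies": {k: v.value for k, v in cookies.items()}, "body": body}

# Constructed session store: opaque token -> user that owns the session.
SESSIONS = {"abc123": "1001"}

def vulnerable_handler(req: dict) -> tuple:
    """Trusts the client-controlled path and cookie: any USER_ID is served."""
    user_id = req["path"].rsplit("/", 1)[-1]
    return 200, f"emails of {user_id}"

def hardened_handler(req: dict) -> tuple:
    """Identity comes only from the server-side session; a user_id cookie
    or a changed path segment is ignored and mismatches are refused."""
    session_user = SESSIONS.get(req["cookies"].get("session", ""))
    if session_user is None:
        return 401, "not logged in"
    requested = req["path"].rsplit("/", 1)[-1]
    if requested != session_user:
        return 403, "forbidden"
    return 200, f"emails of {session_user}"
```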
Two proxies are particularly popular with bug bounty hunters: Burp Suite and the Zed Attack Proxy (ZAP). This section will show you how to set up Burp, but you’re free to use ZAP instead.
Opening the Embedded Browser
Both Burp Suite and ZAP come with embedded browsers. If you choose to use these embedded browsers for testing, you can skip the next two steps. To use Burp Suite’s embedded browser, click Open browser in Burp’s Proxy tab after it’s launched (Figure 4-1). This embedded browser’s traffic will be automatically routed through Burp without any additional setup.
Setting Up Firefox
Burp’s embedded browser offers a convenient way to start bug hunting with minimal setup. However, if you are like me and prefer to test with a browser you are used to, you can set up Burp to work with your browser. Let’s set up Burp to work with Firefox.
Start by downloading and installing your browser and proxy. You can download the Firefox browser from https://www.mozilla.org/firefox/new/ and Burp Suite from https://portswigger.net/burp/.
Bug bounty hunters use one of two versions of Burp Suite: Professional or Community. You have to purchase a license to use Burp Suite Professional, while the Community version is free of charge. Burp Suite Pro includes a vulnerability scanner and other convenient features like the option to save a work session to resume later. It also offers a full version of the Burp intruder, while the Community version includes only a limited version. In this book, I cover how to use the Community version to hunt for bugs.
Now you have to configure your browser to route traffic through your proxy. This section teaches you how to configure Firefox to work with Burp Suite. If you’re using another browser-proxy combination, please look up their official documentation for tutorials instead.
Launch Firefox. Then open the Connection Settings page by choosing Preferences ▶ General ▶ Network Settings. You can access the Preferences tab from the menu at Firefox’s top-right corner (Figure 4-2).
The Connection Settings page should look like the one in Figure 4-3.
Select Manual proxy configuration and enter the IP address 127.0.0.1 and port 8080 for all the protocol types. This will tell Firefox to use the service running on port 8080 on your machine as a proxy for all of its traffic. 127.0.0.1 is the localhost IP address. It identifies your current computer, so you can use it to access the network services running on your machine. Since Burp runs on port 8080 by default, this setting tells Firefox to route all traffic through Burp. Click OK to finalize the setting. Now Firefox will route all traffic through Burp.
Setting Up Burp
After downloading Burp Suite, open it and click Next, then Start Burp. You should see a window like Figure 4-4.
Now let’s configure Burp so it can work with HTTPS traffic. HTTPS protects your data’s privacy by encrypting your traffic, making sure only the two parties in a communication (your browser and the server) can decrypt it. This also means your Burp proxy won’t be able to intercept HTTPS traffic going to and from your browser. To work around this issue, you need to show Firefox that your Burp proxy is a trusted party by installing its certificate authority (CA) certificate.
Let’s install Burp’s certificate on Firefox so you can work with HTTPS traffic. With Burp open and running, and your proxy settings set to 127.0.0.1:8080, go to http://burp/ in your browser. You should see a Burp welcome page (Figure 4-5). Click CA Certificate at the top right to download the certificate file; then click Save File to save it in a safe location.
Next, in Firefox, click Preferences ▶ Privacy & Security ▶ Certificates ▶ View Certificates ▶ Authorities. Click Import and select the file you just saved, and then click Open. Follow the dialog’s instructions to trust the certificate to identify websites (Figure 4-6).
Restart Firefox. Now you should be all set to intercept both HTTP and HTTPS traffic.
Let’s perform a test to make sure that Burp is working properly. Switch to the Proxy tab in Burp and turn on traffic interception by clicking Intercept is off. The button should now read Intercept is on (Figure 4-7). This means you’re now intercepting traffic from Firefox or the embedded browser.
Then open Firefox and visit https://www.google.com/. In Burp’s proxy, you should see the main window starting to populate with individual requests. The Forward button in Burp Proxy will send the current request to the designated server. Click Forward until you see the request with the hostname www.google.com. If you see this request, Burp is correctly intercepting Firefox’s traffic. It should begin like this:
GET / HTTP/1.1
Host: www.google.com
Click Forward to send the request over to Google’s server. You should see Google’s home page appear in your Firefox window.
If you aren’t seeing requests in Burp’s window, you might not have installed Burp’s CA certificate properly. Follow the steps in this chapter to reinstall the certificate. In addition, check that you’ve set the correct proxy settings to 127.0.0.1:8080 in Firefox’s Connection Settings.