I. Bypassing front-end restrictions
1. Capture the request
![](https://img2020.cnblogs.com/blog/1537630/202103/1537630-20210317165054425-342000337.png)
![](https://img2020.cnblogs.com/blog/1537630/202103/1537630-20210317165130711-1483337940.png)
3. Modify the parameter: increase the value's length to more than 20 characters (the limit enforced only by the front end)
Note: the endpoint times out after 15 s, so the edit must be finished and the request sent within 15 s.
![](https://img2020.cnblogs.com/blog/1537630/202103/1537630-20210317165149521-1106566782.png)
Extension:
Change the parameter to a different format, for example email=<img src=x onerror=alert(8905)>
![](https://img2020.cnblogs.com/blog/1537630/202103/1537630-20210317165204367-340309215.png)
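The point of this section is that the 20-character limit and the "must look like an email" rule live only in the browser, so anything edited in the proxy reaches the server unchecked. The following is an added example, not code from the original post: a minimal server-side handler that re-validates the raw `email` form parameter and HTML-encodes it before echoing it back. The length limit of 20 comes from the page; the field name `email`, the email regex, the `/login`-style form body and the sample inputs are assumptions chosen for illustration.

```python
import html
import re
from urllib.parse import parse_qs

# Same limit the front end enforces; the server must enforce it too,
# because the browser-side check is trivially bypassed in a proxy.
MAX_EMAIL_LEN = 20

# Deliberately strict allow-list for the address; anything with <, >, quotes
# or spaces fails here (assumed format, not the page's own rule).
EMAIL_RE = re.compile(r"^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$")


def validate_email(value: str) -> tuple[bool, str]:
    """Server-side check of the raw parameter; returns (accepted, reason)."""
    if len(value) > MAX_EMAIL_LEN:
        return False, "too long"
    if not EMAIL_RE.fullmatch(value):
        return False, "not an email address"
    return True, "ok"


def render_email(value: str) -> str:
    """Encode before the value is placed into an HTML response, so a payload
    such as <img src=x onerror=...> is shown as text instead of executed."""
    return html.escape(value, quote=True)


def handle_form(body: str) -> dict:
    """Process a URL-encoded POST body like the one edited in the proxy
    (e.g. 'email=user%40example.com'); hypothetical handler for illustration."""
    params = parse_qs(body, keep_blank_values=True)
    email = params.get("email", [""])[0]
    accepted, reason = validate_email(email)
    return {"accepted": accepted, "reason": reason, "echo": render_email(email)}


# Constructed sample inputs: a normal address, an over-length one,
# and the HTML payload from the page.
SAMPLES = [
    "user@example.com",
    "a" * 25 + "@example.com",
    "<img src=x onerror=alert(8905)>",
]


def check_all() -> dict:
    """Run every sample through the validator; handy for a quick manual look."""
    return {s: validate_email(s) for s in SAMPLES}


if __name__ == "__main__":
    for sample, result in check_all().items():
        print(f"{result}: {render_email(sample)}")
```

The over-length and HTML samples are rejected before they are stored, and even a value that slipped past validation could not become markup on the way out because `render_email` encodes it.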
II. Brute-forcing the login password
1. Capture the login request
![](https://img2020.cnblogs.com/blog/1537630/202103/1537630-20210317165253990-1497376223.png)
2. Right-click - Send to Intruder
![](https://img2020.cnblogs.com/blog/1537630/202103/1537630-20210317165308815-930763521.png)
3. Open Intruder
![](https://img2020.cnblogs.com/blog/1537630/202103/1537630-20210317165332003-1180979314.png)
(1) Positions -> Attack type: select Sniper (brute-force mode)
![](https://img2020.cnblogs.com/blog/1537630/202103/1537630-20210317165352308-1206711509.png)
(2) Clear the default payload positions and mark only the password parameter
![](https://img2020.cnblogs.com/blog/1537630/202103/1537630-20210317165408465-1341983725.png)
(3) Payloads: load a weak-password wordlist
![](https://img2020.cnblogs.com/blog/1537630/202103/1537630-20210317165431980-74219483.png)
(4) Click Start attack to begin
Failed attempt
![](https://img2020.cnblogs.com/blog/1537630/202103/1537630-20210317165448456-749098285.png)
Successful crack
![](https://img2020.cnblogs.com/blog/1537630/202103/1537630-20210317165504585-1982936714.png)
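The Intruder run above leaves a characteristic trace on the server: a burst of failed logins for one account from one source, followed by a single success. The following is an added example, not code from the original post or from Burp Suite: a small detector that reads web-server style login records, keeps a per-(IP, user) sliding window of failures, and raises an alert when the failure count hits a threshold and again when a success arrives on top of that burst. The log format, the `5 failures in 60 s` threshold and the sample lines are all constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed log format (constructed): "<date> <time> <ip> POST /login user=<name> status=<code>"
LOG_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (?P<ip>\S+) "
    r"POST /login user=(?P<user>\S+) status=(?P<status>\d{3})$"
)

FAIL_THRESHOLD = 5          # failures within WINDOW that count as a burst
WINDOW = timedelta(seconds=60)

# Constructed sample log: six 401s for "admin" from one IP, then a 200,
# plus one ordinary user who mistypes once and then logs in.
SAMPLE_LOG = """\
2021-03-17 16:52:00 10.0.0.5 POST /login user=admin status=401
2021-03-17 16:52:01 10.0.0.5 POST /login user=admin status=401
2021-03-17 16:52:02 10.0.0.5 POST /login user=admin status=401
2021-03-17 16:52:03 10.0.0.5 POST /login user=admin status=401
2021-03-17 16:52:04 10.0.0.5 POST /login user=admin status=401
2021-03-17 16:52:05 10.0.0.5 POST /login user=admin status=401
2021-03-17 16:52:06 10.0.0.5 POST /login user=admin status=200
2021-03-17 16:53:10 10.0.0.9 POST /login user=bob status=401
2021-03-17 16:53:20 10.0.0.9 POST /login user=bob status=200
this line is not a login record and is skipped
"""


def parse_line(line: str):
    """Return (timestamp, ip, user, status) or None for lines that do not match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    return (
        datetime.fromisoformat(m["ts"]),
        m["ip"],
        m["user"],
        int(m["status"]),
    )


def detect_bruteforce(lines) -> list:
    """Sliding-window failure counter per (ip, user).

    Emits ("burst", ip, user, ts) the moment the FAIL_THRESHOLD-th failure
    lands inside WINDOW, and ("success-after-failures", ip, user, ts) when a
    200 follows a burst that is still inside the window.
    """
    failures = defaultdict(deque)   # (ip, user) -> timestamps of recent 401s
    alerts = []
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, ip, user, status = parsed
        q = failures[(ip, user)]
        # Drop failures that have aged out of the window.
        while q and ts - q[0] > WINDOW:
            q.popleft()
        if status == 401:
            q.append(ts)
            if len(q) == FAIL_THRESHOLD:      # fire once per burst
                alerts.append(("burst", ip, user, ts))
        elif status == 200 and len(q) >= FAIL_THRESHOLD:
            alerts.append(("success-after-failures", ip, user, ts))
    return alerts


if __name__ == "__main__":
    for alert in detect_bruteforce(SAMPLE_LOG.splitlines()):
        print(alert)
```

The second alert type is the one worth paging on: a success that immediately follows a burst means the wordlist contained the real password, which is exactly the "successful crack" screenshot above seen from the server side. Pairing this with a lockout or progressive delay on the login endpoint removes the condition the Intruder attack depends on.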
III. Replaying requests with Repeater
1. Perform a search on the target site; once it succeeds, copy the full URL
![](https://img2020.cnblogs.com/blog/1537630/202103/1537630-20210317165535812-1029015578.png)
2. Open Burp Suite
(1) In Repeater, right-click - Paste URL as request
![](https://img2020.cnblogs.com/blog/1537630/202103/1537630-20210317165557273-2125400629.png)
(2) Click Send
![](https://img2020.cnblogs.com/blog/1537630/202103/1537630-20210317165610192-873089453.png)
(3) The replay succeeds
![](https://img2020.cnblogs.com/blog/1537630/202103/1537630-20210317165626497-2079318000.png)
(4) Modify a parameter and resend; the request succeeds again
![](https://img2020.cnblogs.com/blog/1537630/202103/1537630-20210317165648249-1150690258.png)
Reference:
https://zhishihezi.net/b/03c82a3d82cdf5a1d066e0e2423e48dd#start