Foreword:
Penetration testing is indispensable for the use of tools, but few people consider the linkage usage between tools. Last time, the app applet test linkage burpsuite was updated. This time I will talk about the linkage use of some commonly used tools in the penetration process.
People are sitting at home, and loopholes come from the sky [With authorization, do not play casually without authorization]
Table of contents
1.xray+burpsuite
First configure the xray proxy in burpsuite and install the xray certificate in the browser
The browser agent hangs the burpsuite agent
After setting up the agent, test whether the linkage is successful. Xray cannot test business logic vulnerabilities, but linkage can make the scope of vulnerability testing more comprehensive.
2. DVWA linkage
DVWA is a powerful tool for penetration vulnerability testing. The linkage method is relatively simple. Just set the DVWA proxy to the xray proxy address.
When xray and burpsuite are linked, more comprehensive domain name information, data packets, etc. will be crawled, and then more vulnerabilities will be detected using DVWA for vulnerability scanning.
[Note: The linkage method here is limited to a single URL. If you want to set it in batches, you need to download a tool or write your own script. I will continue to update it in the future]
Penetration testing tools are important, but so are the basics.