
Reducing 'Noise' When Capturing Traffic with Burp Suite

迪哥讲事 2023-07-11

Editor's Note

A must-do when using bp

The following article is from 骨哥说事 Author 骨哥说事

You have surely run into the situation below when capturing traffic with Burp Suite: lots and lots of 'noise' data:



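Gu Ge used to prefer capturing traffic with Chrome, but later found that as the number of extensions grew, the noise data in the capture grew with it. After switching to proxying through Firefox the 'noise' dropped noticeably, but the problem shown in the figure above still remained.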


To solve this problem for good, here are several ways to configure things.


Method 1: Modify the Firefox .default profile configuration. Enter about:config in the Firefox address bar and set the following:



"browser.newtabpage.activity-stream.telemetry.ping.endpoint": "localhost",
"browser.newtabpage.activity-stream.feeds.telemetry": false,
"browser.ping-centre.telemetry": false,
"browser.safebrowsing.provider.google.reportMalwareMistakeURL": "localhost",
"network.captive-portal-service.enabled": false,
"browser.safebrowsing.provider.google4.gethashURL": "localhost",
"browser.safebrowsing.reportPhishURL": "localhost",
"toolkit.telemetry.bhrPing.enabled": false


Method 2: Depending on your operating system, create a new user.js file under the corresponding path:


Windows:

%APPDATA%\Mozilla\Firefox\Profiles\


Linux:

/home/<username>/.mozilla/firefox/


macOS:

/Users/<username>/Library/Application Support/Firefox/Profiles/


Paste in the code below:

// Mozilla User Preferences
// To change a preference value, you can either:
// - modify it via the UI (e.g. via about:config in the browser); or
// - set it within a user.js file in your profile (create it if it doesn't exist).
//
// Profile folder location on different systems:
// Windows: C:\Users\<username>\AppData\Roaming\Mozilla\Firefox\Profiles\xxxxxxxx.default
// Mac OS X: /Users/<username>/Library/Application Support/Firefox/Profiles/xxxxxxxx.default
// Linux: /home/<username>/.mozilla/firefox/xxxxxxxx.default

user_pref("accessibility.force_disabled", 1);
user_pref("accessibility.typeaheadfind.flashBar", 0);
user_pref("app.normandy.first_run", false);
user_pref("app.shield.optoutstudies.enabled", false);
user_pref("app.update.auto", false);
user_pref("app.update.checkInstallTime", false);
user_pref("app.update.doorhanger", false);
user_pref("browser.feeds.showFirstRunUI", false);
user_pref("browser.newtabpage.activity-stream.feeds.section.highlights", false);
user_pref("browser.newtabpage.activity-stream.feeds.snippets", false);
user_pref("browser.newtabpage.activity-stream.feeds.telemetry", false);
user_pref("browser.newtabpage.activity-stream.feeds.topsites", false);
user_pref("browser.newtabpage.activity-stream.prerender", false);
user_pref("browser.newtabpage.activity-stream.telemetry", false);
user_pref("browser.newtabpage.activity-stream.telemetry.ping.endpoint", "https://localhost");
user_pref("browser.ping-centre.telemetry", false);
user_pref("browser.safebrowsing.blockedURIs.enabled", false);
user_pref("browser.safebrowsing.downloads.enabled", false);
user_pref("browser.safebrowsing.downloads.remote.block_dangerous", false);
user_pref("browser.safebrowsing.downloads.remote.block_dangerous_host", false);
user_pref("browser.safebrowsing.downloads.remote.block_potentially_unwanted", false);
user_pref("browser.safebrowsing.downloads.remote.block_uncommon", false);
user_pref("browser.safebrowsing.downloads.remote.enabled", false);
user_pref("browser.safebrowsing.downloads.remote.url", "https://localhost");
user_pref("browser.safebrowsing.malware.enabled", false);
user_pref("browser.safebrowsing.phishing.enabled", false);
user_pref("browser.safebrowsing.provider.google.advisoryURL", "https://localhost");
user_pref("browser.safebrowsing.provider.google.gethashURL", "https://localhost");
user_pref("browser.safebrowsing.provider.google.lists", "https://localhost");
user_pref("browser.safebrowsing.provider.google.reportMalwareMistakeURL", "https://localhost");
user_pref("browser.safebrowsing.provider.google.reportPhishMistakeURL", "https://localhost");
user_pref("browser.safebrowsing.provider.google.reportURL", "https://localhost");
user_pref("browser.safebrowsing.provider.google.updateURL", "https://localhost");
user_pref("browser.safebrowsing.provider.google4.advisoryURL", "https://localhost");
user_pref("browser.safebrowsing.provider.google4.dataSharingURL", "https://localhost");
user_pref("browser.safebrowsing.provider.google4.gethashURL", "https://localhost");
user_pref("browser.safebrowsing.provider.google4.reportMalwareMistakeURL", "https://localhost");
user_pref("browser.safebrowsing.provider.google4.reportPhishMistakeURL", "https://localhost");
user_pref("browser.safebrowsing.provider.google4.reportURL", "https://localhost");
user_pref("browser.safebrowsing.provider.google4.updateURL", "https://localhost");
user_pref("browser.safebrowsing.provider.mozilla.gethashURL", "https://localhost");
user_pref("browser.safebrowsing.provider.mozilla.nextupdatetime", "995795774646");
user_pref("browser.safebrowsing.provider.mozilla.updateURL", "https://localhost");
user_pref("browser.safebrowsing.reportPhishURL", "https://localhost");
user_pref("browser.search.geoSpecificDefaults.url", "https://localhost");
user_pref("browser.search.searchEnginesURL", "https://localhost");
user_pref("browser.search.suggest.enabled", false);
user_pref("browser.search.update", false);
user_pref("browser.search.update.interval", 995795774646);
user_pref("browser.startup.page", 0);
user_pref("browser.urlbar.suggest.bookmark", false);
user_pref("browser.urlbar.suggest.history", false);
user_pref("captivedetect.maxRetryCount", 0);
user_pref("experiments.activeExperiment", false);
user_pref("experiments.manifest.uri", "https://localhost");
user_pref("extensions.update.enabled", false);
user_pref("general.warnOnAboutConfig", false);
user_pref("network.captive-portal-service.enabled", false);
user_pref("security.ssl.errorReporting.url", "https://localhost");
user_pref("services.settings.server", "https://localhost");
user_pref("services.sync.nextSync", 0);
user_pref("services.sync.prefs.sync.browser.safebrowsing.downloads.enabled", false);
user_pref("services.sync.prefs.sync.browser.safebrowsing.malware.enabled", false);
user_pref("services.sync.prefs.sync.browser.safebrowsing.passwords.enabled", false);
user_pref("services.sync.prefs.sync.browser.safebrowsing.phishing.enabled", false);
user_pref("toolkit.telemetry.archive.enabled", false);
user_pref("toolkit.telemetry.bhrPing.enabled", false);
user_pref("toolkit.telemetry.firstShutdownPing.enabled", false);
user_pref("toolkit.telemetry.hybridContent.enabled", false);
user_pref("toolkit.telemetry.newProfilePing.enabled", false);
user_pref("toolkit.telemetry.reportingpolicy.firstRun", false);
user_pref("toolkit.telemetry.shutdownPingSender.enabled", false);
user_pref("toolkit.telemetry.unified", false);
user_pref("toolkit.telemetry.updatePing.enabled", false);
user_pref("browser.newtabpage.activity-stream.section.highlights.includePocket", false);
user_pref("extensions.pocket.enabled", false);
user_pref("services.sync.prefs.sync.browser.newtabpage.activity-stream.section.highlights.includePocket", false);
user_pref("app.normandy.enabled", false);
user_pref("captivedetect.canonicalURL", "http://localhost");
user_pref("app.normandy.api_url", "http://localhost");
user_pref("app.normandy.shieldLearnMoreUrl", "http://localhost");

// optional - disable password saving
user_pref("signon.passwordEditCapture.enabled", false);
user_pref("services.sync.engine.passwords", false);

// optional - disable updates
user_pref("extensions.systemAddon.update.enabled", false);
user_pref("extensions.update.autoUpdateDefault", false);
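To check that the settings actually took effect after Firefox restarts, the following added example (not part of the original article) parses user_pref statements, including several run together on one line, and compares the wanted user.js against the profile's prefs.js. The function names and both sample strings are constructed for illustration.

```python
import re

# One user_pref("name", value); statement. The value is a quoted string,
# true/false, or an integer. Works even when statements share a line.
PREF_RE = re.compile(
    r'user_pref\(\s*"([^"]+)"\s*,\s*("(?:[^"\\]|\\.)*"|true|false|-?\d+)\s*\)\s*;'
)

def parse_prefs(text):
    """Return {name: value} from user.js / prefs.js text (last assignment wins)."""
    # Drop whole-line // comments so commented-out prefs are ignored;
    # "//" inside URL strings is untouched because it never starts a line.
    text = re.sub(r'(?m)^[ \t]*//.*$', '', text)
    prefs = {}
    for name, raw in PREF_RE.findall(text):
        if raw in ("true", "false"):
            prefs[name] = (raw == "true")
        elif raw.startswith('"'):
            prefs[name] = raw[1:-1]
        else:
            prefs[name] = int(raw)
    return prefs

def audit(wanted_text, actual_text):
    """Compare wanted prefs with a profile's prefs; return (missing, differing)."""
    wanted, actual = parse_prefs(wanted_text), parse_prefs(actual_text)
    missing = sorted(n for n in wanted if n not in actual)
    differing = {n: (wanted[n], actual[n])
                 for n in wanted if n in actual and actual[n] != wanted[n]}
    return missing, differing

# Constructed sample: a few prefs taken from the user.js in this article ...
WANTED = '''
// Mozilla User Preferences
user_pref("toolkit.telemetry.unified", false);user_pref("app.update.auto", false);
user_pref("browser.safebrowsing.provider.google4.gethashURL", "https://localhost");
user_pref("captivedetect.maxRetryCount", 0);
'''
# ... and a constructed prefs.js where one is absent and one has a typo'd value.
ACTUAL = '''
user_pref("toolkit.telemetry.unified", false);
user_pref("browser.safebrowsing.provider.google4.gethashURL", "https://localhost'");
user_pref("captivedetect.maxRetryCount", 0);
'''

if __name__ == "__main__":
    missing, differing = audit(WANTED, ACTUAL)
    print("missing:", missing)
    print("differing:", differing)
```

In practice, read the two files from the profile folder and pass their contents to audit().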


Method 3: Set up filtering directly in Burp Suite


Burpsuite->Proxy->Options->TLS Pass Through:

.*\.google\.com
.*\.gstatic\.com
.*\.googleapis\.com
.*\.pki\.goog
mozilla\.com$|firefox\.com$|firefoxchina\.cn$

As shown in the figure:


You will then find that the 'noise' is gone: a 'quiet' Firefox proxy capture, done!
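Hosts matched by a TLS Pass Through entry are no longer intercepted, so it is worth checking exactly which host names the patterns above cover. This added example (not from the original article) runs them over constructed host names. The article does not say whether Burp applies an entry as a substring search or as a full match, so both semantics are evaluated as an assumption.

```python
import re

# Patterns from the TLS Pass Through list above, one entry per line.
PATTERNS = [
    r".*\.google\.com",
    r".*\.gstatic\.com",
    r".*\.googleapis\.com",
    r".*\.pki\.goog",
    r"mozilla\.com$|firefox\.com$|firefoxchina\.cn$",
]

def passed_through(host, full_match):
    """True if any pattern matches host under the chosen semantics."""
    for p in PATTERNS:
        rx = re.compile(p, re.IGNORECASE)
        if (rx.fullmatch(host) if full_match else rx.search(host)):
            return True
    return False

def classify(hosts):
    """Map host -> (matched_by_search, matched_by_fullmatch)."""
    return {h: (passed_through(h, False), passed_through(h, True)) for h in hosts}

# Constructed host names: browser noise, look-alikes, and an in-scope target.
HOSTS = [
    "safebrowsing.googleapis.com",   # noise the list is meant to silence
    "ocsp.pki.goog",
    "detectportal.firefox.com",
    "google.com",                    # bare apex: no leading "." to match
    "www.google.com.example.test",   # look-alike with the pattern as a prefix
    "notfirefox.com",                # look-alike with the pattern as a suffix
    "target.example.test",           # must stay intercepted
]

if __name__ == "__main__":
    for host, (by_search, by_full) in classify(HOSTS).items():
        print(f"{host:32} search={by_search!s:5} fullmatch={by_full}")
```

Under search semantics the look-alike hosts are passed through as well. Under full-match semantics the last entry only covers the bare domains, not their subdomains.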

