Burp Suite Pro

发表于 分类于

Burp Suite 是大名鼎鼎的 Web 渗透神器,提供社区免费版 Burp Suite Community Edition,基本功能够用。笔者非专业 Web 安全从业人员,想体验下 Pro 版本的功能,想到 scz 有过相关研究,参考他的博客捣鼓了一下,专业人士最好还是付费支持。

Burp Suite Pro

下载地址(最后一个地址已经失效,可以从 52pojie 的帖子中找到哈希值,去 Google 搜索下载):

1
2
3
https://mega.nz/file/VVB3zZZA#onBiUlM3A6uI6x6eljzRxgbWS4V_SGXzoi1EHeKebkA
https://portswigger.net/burp/releases/download?product=pro&version=2022.9&type=Jar
http://scz.617.cn/private/burp-loader-keygen-2020_2_1.jar_568321911fea077bc290bd9914b73402

校验信息:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
PS D:\> Get-FileHash -A SHA256 .\burp-loader-x-Ai-new.jar
Algorithm       Hash
---------       ----
SHA256          6D10FF21289D80A57D48F41C994380F6781ADA266C3842F523BC4FA73D241F1E

PS D:\> Get-FileHash -A SHA256 .\burpsuite_pro_v2022.9.jar
Algorithm       Hash
---------       ----
SHA256          97D641723A5FC8EB0FA47F151343C91D139795C670A3DF842B919D941C6357B3

PS D:\> Get-FileHash -A SHA256 .\burp-keygen-scz.jar
Algorithm       Hash
---------       ----
SHA256          74893842A782238F52F0F225C06FA744568321911FEA077BC290BD9914B73402

启动注册机命令:

1
java -jar burp-keygen-scz.jar

启动 Burp Suite Pro 命令:

1
java -noverify -javaagent:burp-loader-x-Ai-new.jar -jar burpsuite_pro_v2022.9.jar

注意 Java 版本要正确,否则会出错(Class file version 55.0 对应 Java 11):

1
2
3
4
Exception in thread "main" java.lang.UnsupportedClassVersionError:
com/BurpSuiteLoader/Transformer
has been compiled by a more recent version of the Java Runtime (class file version 55.0),
this version of the Java Runtime only recognizes class file versions up to 52.0

激活时,选择 Manual Activation 即可。

参考文档:

  1. http://scz.617.cn:8/misc/202209131321.txt
  2. https://www.52pojie.cn/thread-1038295-1-1.html