Last edited by guduzhe on 2023-11-5 15:57
---
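Source: Kanxue Forum (看雪论坛)
Original link: https://bbs.kanxue.com/thread-271480.htm
[Share] burpsuite burploader
263 views
24 replies
loader
1. Double-click ja-netfilter.jar, or run java -jar ja-netfilter.jar, to start the program automatically
2. Registration mode: java -jar ja-netfilter.jar -r
3. Specified-username mode: java -jar ja-netfilter.jar username; no need to copy the request and the activation command any more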
Attachment: loader.zip (97.24kb, 865 downloads)
Could someone explain how I should get started using this?
guduzhe
Version 3.0 [link]
I didn't expect you to have updated to the latest version. Studying hard!!
Version 3.0 [link]
Attachment: bounty.jar (9.76kb, 121 downloads)
guduzhe
The signing method has changed; try this one.
It works indeed, thanks!
Last edited by weizi on 2026-1-4 18:41
weizi
2.8.2 doesn't work; something else has probably changed. [link]
The signing method has changed; try this one.
Attachment: bounty.jar (7.96kb, 98 downloads)
husbek
guduzhe
Haven't worked on this in a long time; as I recall, this plugin isn't obfuscated.
The license part wasn't done; I took a look at h3110w0r1d-y's loa ...
I looked at it today: they just added a signature verification, and when the is_air_gapped field in the returned JSON is true, the signature is simply not checked. I wrote a rough server side; you can find a way to implement the server side, or hook the network response yourself. I tested by modifying DNS and inserting a root certificate and running my own server; the domain it accesses is api.licensespring.com. I only tested the genuine 2.8.0 release, download link: [link]
Server-side test code (if you hook the HTTPS response instead, just refer to the JSON data in the code)
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
@RestController
public class test {
@RequestMapping(value = "/api/v4/activate_license")
public String activate_license() {
// parsed as AirGapResponse
return "{\n" +
" \"id\": 456,\n" +
" \"device_id\": 789,\n" +
" \"license_signature\": \"abc123\",\n" +
" \"license_type\": \"perpetual\",\n" +
" \"is_trial\": false,\n" +
" \"is_air_gapped\": true,\n" + // this is the key setting: when true, the data signature is not verified
" \"validity_period\": \"2099-12-05T21:51:33.426525100+08:00[Asia/Shanghai]\",\n" + // expiry time
" \"customer\": {\n" +
" \"email\": \"1@qq.com\"\n" + // email
" },\n" +
" \"license_active\": true,\n" +
" \"license_enabled\": true,\n" +
" \"is_expired\": false\n" +
"}";
@RequestMapping(value = "/api/v4/product_details")
public String product_details() {
// return product details
String str = "{\"product_id\":1586066454418369,\"product_name\":\"Burp Bounty Pro\",\"short_code\":\"burpbountypro\",\"allow_trial\":false,\"trial_days\":0,\"authorization_method\":\"license-key\",\"floating_timeout\":120,\"allow_overages\":false,\"max_overages\":0,\"prevent_vm\":false,\"metadata\":{},\"company\":{\"id\":988}}";
return str;
@RequestMapping(value = "/api/v4/check_license")
public String check_license() {
// parsed as CheckResponse
String str = "{\n" +
" \"id\": 456,\n" +
" \"device_id\": 789,\n" +
" \"license_signature\": \"abc123\",\n" +
" \"license_type\": \"perpetual\",\n" +
" \"is_trial\": false,\n" +
" \"is_air_gapped\": true,\n" +
" \"validity_period\": \"2099-12-05T21:51:33.426525100+08:00[Asia/Shanghai]\",\n" +
" \"customer\": {\n" +
" \"email\": \"1@qq.com\"\n" +
" },\n" +
" \"license_active\": true,\n" +
" \"license_enabled\": true,\n" +
" \"is_expired\": false\n"
...(truncated)
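The flaw described in the post above is that a field inside the server's response decides whether the response's signature is checked at all. As an added example (not code from the thread, the plugin or LicenseSpring), this is the fail-closed check a client would use instead; the class name, the RSA/SHA-256 detached signature over the raw body, and the demo key pair and response are all assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Base64;

// Hypothetical verifier: names and signature scheme are assumptions, not the vendor's API.
public class LicenseResponseVerifier {
    private final PublicKey vendorKey; // embedded in the client, never read from the response

    public LicenseResponseVerifier(PublicKey vendorKey) { this.vendorKey = vendorKey; }

    /** Accept a response only if the detached signature covers the exact body bytes. */
    public boolean accept(String body, String signatureB64) {
        if (body == null || signatureB64 == null) return false;
        try {
            Signature v = Signature.getInstance("SHA256withRSA");
            v.initVerify(vendorKey);
            v.update(body.getBytes(StandardCharsets.UTF_8));
            // No branch on is_air_gapped or any other field: every field is
            // untrusted input until this verification has passed.
            return v.verify(Base64.getDecoder().decode(signatureB64));
        } catch (GeneralSecurityException | IllegalArgumentException e) {
            return false; // malformed signature or key problem: fail closed
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed demo key pair and response; a real client holds only the public key.
        KeyPairGenerator g = KeyPairGenerator.getInstance("RSA");
        g.initialize(2048);
        KeyPair kp = g.generateKeyPair();
        String body = "{\"license_active\":true,\"is_air_gapped\":false}";
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(kp.getPrivate());
        s.update(body.getBytes(StandardCharsets.UTF_8));
        String sig = Base64.getEncoder().encodeToString(s.sign());

        LicenseResponseVerifier verifier = new LicenseResponseVerifier(kp.getPublic());
        System.out.println("genuine response accepted: " + verifier.accept(body, sig));
        String altered = body.replace("\"is_air_gapped\":false", "\"is_air_gapped\":true");
        System.out.println("altered body accepted: " + verifier.accept(altered, sig));
        System.out.println("placeholder signature accepted: " + verifier.accept(altered, "abc123"));
    }
}
```

Because the key is embedded in the client rather than taken from the TLS trust store, a user-installed root certificate or a redirected DNS name does not make a substituted response verify.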
It has been a long time since the last update. Not much was changed; it was just adapted to the latest ja-netfilter. bounty.jar is the activation plugin for Burp Bounty; put it in the plugins directory if you need it. BurpBounty download link: [link]
Usage
1. Double-click ja-netfilter.jar, or run java -jar ja-netfilter.jar, to start the program automatically
2. Registration mode: java -jar ja-netfilter.jar -r
3. Specified-username mode: java -jar ja-netfilter.jar username; no need to copy the request and the activation command any more
Last edited by guduzhe on 2025-12-8 10:59
guduzhe
Haven't worked on this in a long time; as I recall, this plugin isn't obfuscated.
The license part wasn't done. I took a look at the cracking code in the loader written by h3110w0r1d-y and traced the latest version; an extra layer of licensecheck has been added.
Last edited by husbek on 2025-8-5 17:06
husbek
Could you help take a look at the verification algorithm of the latest Burp Bounty Pro? The version is 2.8.2; the official site currently offers 2.8.0 for download. As for the original 2.8.2 package, would it be convenient for you to DM me your WeChat or email?
Haven't worked on this in a long time; as I recall, this plugin isn't obfuscated.
Last edited by husbek on 2025-8-1 12:52
Thanks, I tested it with the burpsuite I have on hand and it works fine.
Thanks for sharing.
Supports registering directly with a specified username; no need to copy the request and response and register manually any more. The registration process is simple,