测试技巧之fiddle包复制到bp不乱码

测试技巧之fiddle包复制到bp不乱码

1. 本文目的

公司测试人员都是使用fiddle进行抓包测试，但是安全人员使用burpsuite比较大，且该项目组任务都是app，工作量较大，所以某些功能为了节约时间直接让测试人员提供fiddle的post包文给安全人员进行测试，能够快速的提升工作效率。

Burpsuite2020版本链接下载:

链接：https://pan.baidu.com/s/1Ey6Cp5t5pj-LmF-vsKnMQQ

提取码：a1yy

复制这段内容后打开百度网盘手机App，操作更方便哦

Burpsuite启动教程:

https://www.cnblogs.com/TankXiao/p/12689173.html

1. 操作流程

2.1 取fiddlepost包（raw格式）

打开fiddle抓包->找到Inspectors->找到raw格式包文。

 

2.2复制出包文(带有中文字符的包文)

POST xxxxxxxxebus/yst_yzrq/api/yueShangTong/gt/submit HTTP/1.1

Host: xxxx

Accept: */*

Connection: keep-alive

x-requested-with: xmlhttprequest

Accept-Encoding: gzip, deflate

Accept-Language: zh-cn

Content-Type: application/json

Content-Length: 758

User-Agent: %E7%B2%A4%E5%95%86%E9%80%9AT/79 CFNetwork/894 Darwin/17.4.0

Connection: keep-alive

x-from-app: moa

Cookie: tif_ssoid=4c83f2xxxxxxxa48db5b8ead9

 

{"data":{"main":{"remark":"","business_address":"测试好，","biguser_distinguishid":"91440000MA4X777A89","business_name":"xxx有限公司","admin_area":"xxxx","applicant_nature":"xxxxxx","applicant_psn":"xxxx","link_man":"xxxx","tel":"xxxx","link_id":"","project_name":"测试"},"mx":[{"pk_id":"6e2b20c1-9a2f-4f8e-a1ae-ac806e9707f4"},{"pk_id":"647a5876-11ff-484e-a18e-cbf695cbbf59"},{"pk_id":"7b5ff349-2bcf-4dde-8131-533678246a6f"},{"pk_id":"982aae6d-524c-4dac-ac85-272d70c84024"},{"pk_id":"49a294d7-184f-4db6-b7e2-0e03b8d73b87"},{"pk_id":"9f095b6c-aefc-4eaa-a837-84f96e4c879f"},{"pk_id":"0d87950a-ea8a-41aa-902e-62a48d927632"},{"pk_id":"b2d8a761-a29a-44ed-913c-1223a9983a9a"}]}}

 

2.3 使用2020版本bp请求post包渗透

注意；老版本Burpsuite1.7直接复制带有中文字符的包文是会乱码的