Looking at the vulnerabilities in Wuyun, many of them are intercepted and modified data by post.
As a PHP user for two years, I don’t know how to modify post data, which feels very shameful.
For example, when submitting verification codes, logging in, and paying, post to modify data
Please give some guidance from an expert.
Looking at the vulnerabilities in Wuyun, many of them are intercepted and modified data by post.
As a PHP user for two years, I don’t know how to modify post data, which feels very shameful.
For example, when submitting verification codes, logging in, and paying, post to modify data
Please give some guidance from an expert.
If you want gui, you can use postman, paw and other tools
You can use curl in cli
If that doesn’t work, you can write a script yourself
Or you can actually connect to it via telnet
To put it simply, after capturing the post数据格式 packet, modify it to specific content, and then submit it through the tool. What @vimac said can also be used.
I like to directly hang a jq on the page to submit the test, because this way everything is native and does not need to be simulated, which is very convenient.
Use burp's proxy function to intercept data packets and then modify them. You can also use Firefox's hackbar plug-in.
is the postman link description
![[Web front-end] Node.js quick start](https://img.php.cn/upload/course/000/000/067/662b5d34ba7c0227.png)
