Vote For Us !
Topliste | volno.org - Topliste | LinkR.top - Dein Linkverzeichnis für den Underground! | | | Cyonix! |


Latest Topics: --- KLS Backup Professional 2019 10.0.2.6 --- CyberLink AudioDirector Ultra 11.0.2110.0 Multilingual --- Folder Guard 20.9 Multilingual --- CoffeeCup HTML Editor 17.0 Build 836 --- ImageRanger Pro Edition 1.7.6.1624 --- Mindjet MindManager 2021 v21.0.261 (x64) Multilingual --- Retouch4me Heal 0.983 --- Titan FTP Server Enterprise 2019 Build 3611 --- TubeMate Downloader 3.17.11 --- VideoMeld 1.63 (x64) ---

Categories
Applications & Games
Music Audio & Video
Ebooks ,Tutorials & Scripts

Friends
WarezForums.com
Best of Links!
8ebooks.net

Latest Threads
KLS Backup Professional 2019 10.0.2.6
Last Post: M.D.
Today 06:02 AM
» Replies: 0
» Views: 4
CyberLink AudioDirector Ultra 11.0.2110.0 Multilingual
Last Post: M.D.
Today 05:59 AM
» Replies: 0
» Views: 3
Folder Guard 20.9 Multilingual
Last Post: M.D.
Today 05:51 AM
» Replies: 0
» Views: 6
CoffeeCup HTML Editor 17.0 Build 836
Last Post: M.D.
Today 05:21 AM
» Replies: 0
» Views: 5
ImageRanger Pro Edition 1.7.6.1624
Last Post: M.D.
Today 05:12 AM
» Replies: 0
» Views: 3
Mindjet MindManager 2021 v21.0.261 (x64) Multilingual
Last Post: M.D.
Today 04:56 AM
» Replies: 0
» Views: 4
Retouch4me Heal 0.983
Last Post: M.D.
Today 04:41 AM
» Replies: 0
» Views: 4
Titan FTP Server Enterprise 2019 Build 3611
Last Post: M.D.
Today 04:23 AM
» Replies: 0
» Views: 3
TubeMate Downloader 3.17.11
Last Post: M.D.
Today 04:20 AM
» Replies: 0
» Views: 3
VideoMeld 1.63 (x64)
Last Post: M.D.
Today 04:17 AM
» Replies: 0
» Views: 5

Burp Suite Professional v2.1.07
#1
Burp Suite Professional v2.1.07

[Image: Burp-Suite-Professional.png]

Burp Suite is a reliable and practical platform that provides you with a simple means of performing security testing of web applications. It gives you full control, letting you combine advanced manual techniques with various tools that seamlessly work together to support the entire testing process. The utility is easy-to-use and intuitive and does not require you to perform advanced actions in order to analyze, scan and exploit web apps. It is highly configurable and comes with useful features to assist experienced testers with their work.

Features

Burp Proxy
Burp Spider
Burp Repeater
Burp Sequencer
Burp Decoder
Burp Comparer
Burp Intruder
Burp Scanner
Save and Restore
Search
Target Analyzer

[Image: burpsuitepro2.png]

Download Link:
https://www.uploadship.com/7dde9913bf169644
Reply
#2
Murtadoc;6151786 Wrote:Burp Suite Professional v2.1.07
Released 17 December 2019
with keygen: "Burp Suite Pro 1.7.31 Loader & Keygen - By surferxyz"
...
Thanks a lot.  Well just in case I made a mirror for that:
https://mediafire.com/file/t2l1lfbhei82l...m.zip/file
mediafire.com/file/t2l1lfbhei82lgw

Here are 3 more mirrors:

[spoiler]

Attentions ensure you download 
both files: burp and the keygen !

https://down.52pojie.cn/Tools/Network_Analyzer/
https://down.52pojie.cn/Tools/Network_An...Keygen.zip

https://mega.nz/#!scpmEYLY!zPTPdITnyFD6r...OikUXwNBaM  From someone

https://anonfile.com/9714bcK7nc/burpsuit...2.1.07_jar    From uCare
http://scz.617.cn/private/burp-loader-keygen-2_1_07.jar

[/spoiler]
^⁻ Angry shit why this forum here don't implemented spoilers? !!
Well I'll go on - but like this you'll brothered with all the little details, that were not meant to be there until you click to open them.



And for the older burp-loader-keygen-2_1_06.jar

[spoiler]
https://mega.nz/#!vepwiAjC!khcN9_M_eiMag...NxQupR5thc
http://scz.617.cn/private/burp-loader-keygen-2_1_06.jar

[/spoiler]


Attention: Only works with Java 8 !

And well because of way the loader that is required to run burp is working you have to use Java 8.
Background: In Java 9 Release notes is written that they removed the '-Xbootclasspath/p' option. But overwriting/replacing standard java class with a custom one is essential to get the loader to work. 
Here it is java/lang/ClassLoader.class (inside burp-loader-keygen-2_1_07.jar). 

So in the end I installed the "jre8" packet in my Manjaro Arch Linux and run Burp like this:
Code:
/usr/lib/jvm/java-8-jre/jre/bin/java  -noverify  -Xbootclasspath/p:burp-loader-keygen-2_1_07.jar  -jar burpsuite_pro_v2.1.07.jar

In windows it'll be similar. Get the JRE8. Install/unpack it. Find and run java.exe (or javaws.exe) with the commands above.












Background information:

[spoiler]


More in detail the loader works like this:
[spoiler]
the 'keygen jar' archive contains this file:
java.lang.ClassLoader [.class]
It's has nearly the same functions like to original one ( Java rt.jar) but contains some special java code to invoke the license patch in burp.
defineClass
https://docs.oracle.com/javase/7/docs/ap...nt,%20int)

Code:
  // Converts an array of bytes into an instance of class 
    protected final Class<?> defineClass(String name, byte[] b, int off, int len) throws ClassFormatError {

// Patch code start
        if (len == 111977) {
            int[] patchedClassCode = new int[]{

                        31159, 0, // nop
                        31160, 3, // iconst_0

                        31187, 0, // nop
                        31188, 3, // iconst_0

                        31274, 167, //0xA7 goto 0x5a27 (=23079 )
                        31275, 90,  //0x5A
                        31276, 39   //0x27

                        };

            for ( int i = 0; i < patchedClassCode.length; i += 2) {
                b[ patchedClassCode[len] ] = (byte)patchedClassCode[ i + 1] ;
            }
        }
       // Patch code end

        return this.defineClass(name, b, off, len, (ProtectionDomain)null);
    }

As you might see the trigger for the patch this the size of the class.
[wow 109k that's a pretty big one, there are just about 3 class file in burp that might fit here]
What is inside the patchcode? 
Well it's Java byte code. All in all there are just 7 bytes altered.
They are written into 3 locations.
Patch #1 & #2 is pushing 0 on the stack. And Patch #3 make the flow execution  to jump to some location above.
Can't really say without knowing the context around the patch. 
In the end the License code is correct. Smile

Well that was the result of my own analysis. I googled and found some more. Just read on...
[/spoiler]




What the loader does / why we need it?

[spoiler]
Well the keygen can issue some 'in the view from burp' validate license data. The only problem with the keygen produces license data is that its not correctly signed.
Since the keygen does know the burps-private key it can't sign the license data. (Bruteforcing the correct private key can't be done in as reasonable time.) Instead a fixed static 1KBit or 2KBit signature is used and gets just attached to the license data so they have the correct format.
Of course like this the signature is always incorrect. So the burps license data signature validation must be tricked to everything-is-okay so that keygened license will work. That is what the loader/patch is for.
[/spoiler]

Some alternative patch approach via java.math.BigInteger::compareTo :

[spoiler]
Well however that attached static 1KBit signature offers some other way of fooling the signature validation.
In the end there are two values compared to decide is that signature correct. The calculated signature and the signature read from the license data. Since that read one is always the same it'll offer a very sure trigger for a patch in the general java compare function for big numbers.
Code:
/ *
* java.math.BigInteger.class
* /
public int compareTo (BigInteger paramBigInteger)
{
    / *
     *  check for two known results due to a static signature in the burp lic data,
        0 is returned directly, indicating everything is okay.
     * /
    if (paramBigInteger.toString (). equals ("4188 ... 3311"))
    {
        return (0);
    }
    if (paramBigInteger.toString (). startsWith ("21397203 ..."))
    {
        return (0);
...


Well that's it - this will be more future-proof-version than the current one (with java/lang/ClassLoader.class  ).
[/spoiler]

Burp's class files are obfuscated by Zelix KlassMaster Version 9.0b release 9 (11 Mar 2018)
There are deobfuscators around.

Getting it work for Java 9 and higher (Not tested yet ! ) ...

[spoiler]
... will be to copy(and overwrite) ClassLoader.class directly into java/lib/rt.jar. So the command line with the loader(Keygen) is not needed anymore.
Possible direct problems: Maybe that will trigger the signature checks or breaks certificates. So update MANIFEST.MF as well. Another problem may arise due to version differences. So maybe reimplement the patch so take ClassLoader.java from Java 10 or whatever, Go to 'protected final Class<?> defineClass(String name, byte[] b, int off, int len) throws ClassFormatError ' and paste the patcher code there.
Code:
package java.math;
public class BigInteger ...
...
/*      */   public int compareTo(BigInteger paramBigInteger)
/*      */   {
/* 3526 */     if (paramBigInteger.toString()
/*      */         .startsWith(    "4188705752967")) {
//                           0x3BA62EB0178C5169A5E87A8B8A84AE0B985C...AD5E94A12B9B3F  size: 1022 bit
/* 3528 */       return 0;
/*      */     }
/*      */
/*      */
/*      */
/*      */
/* 3534 */     if (paramBigInteger.toString()
/*      */         .startsWith(    "2139720347225")) {
//                               0xA97F9DC4...CCDC04CC80 side; 2048 bit
/* 3536 */       return 0;
/*      */     }
/*      */
/*      */
/*      */
/*      */
/* 3542 */     if (this.signum == paramBigInteger.signum) {
...
/* 3549 */       return 0;
...

However from a pragmatic viewpoint it's ugly to patch system libraries. It'll be like patching kernel32.dll in Windows to get ya crack working. There are two major problems. 
  1. Updates will easily overwrite undo that patch. (Or maybe refuse to install since they don't get the expected version)
  2. Errors in the patch code or trigger will also affect other programs that just use this java library.
[/spoiler]
[/spoiler]
Reply
#3
Thank you tralaleo
Reply

Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
or
Sign in
Already have an account? Sign in here.


Crack, Serial, Keygen, Warez Downloads crawli download suchmaschine
WarezWorm| DDLSite Download| WarezKeeper