First request
GET /broadcast/api/captcha/formtoken HTTP/1.1
Host: e.dxy.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0
Accept: */*
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
X-XSRF-TOKEN: nM28ZosriejdFoCVNTR0v3C98YzN1Ra33OYiAka9
Referer: https://e.dxy.cn/broadcast/my/info
Cookie: _ga=GA1.2.1060500756.1551167330; _gid=GA1.2.754575247.1551167330; JUTE_BBS_DATA=468d0283c978f647baafac3640c770dd2aa5da94bc74a1b446454d24a95d73af2871dace5332d3a7b837df5cf119bcf072c2e546db6ae4b6a20263cc55b0dc7c0c3a0283673a8b2cefb17a58c9372082; route_e_broadcast=e49be6a222ecd36085950f667b0f5a8e; PHPSESSID=hn2enr413f1l32rt044fr2ssmpkj6jq7; XSRF-TOKEN=nM28ZosriejdFoCVNTR0v3C98YzN1Ra33OYiAka9; dxy_session=WkmMYza7i0khDNJXIapui8nIA4VTZhcIAbFfQsvo; Hm_lvt_585d79beabf9368e8c8bdcc5a01b3940=1551167386; Hm_lpvt_585d79beabf9368e8c8bdcc5a01b3940=1551167386; DXY_USER_GROUP=60; JUTE_TOKEN=23b5b865-4a56-42ad-b098-17cdbb1c4a28
Connection: close
First response
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 26 Feb 2019 07:56:52 GMT
Content-Type: application/json
Connection: close
Vary: Accept-Encoding
Cache-Control: private, must-revalidate
pragma: no-cache
expires: -1
Set-Cookie: XSRF-TOKEN=nM28ZosriejdFoCVNTR0v3C98YzN1Ra33OYiAka9; expires=Wed, 13-Mar-2019 07:56:52 GMT; Max-Age=1296000; path=/
Set-Cookie: dxy_session=WkmMYza7i0khDNJXIapui8nIA4VTZhcIAbFfQsvo; path=/
X-Frame-Options: SAMEORIGIN
Content-Length: 76
{"code":0,"msg":"success","data":"mh99xIcgSbHmUSyJOsCJsICPjMnJOjOBp8oPGdco"}
Second request
POST /broadcast/index/api-phoneCode HTTP/1.1
Host: e.dxy.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0
Accept: */*
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-XSRF-TOKEN: nM28ZosriejdFoCVNTR0v3C98YzN1Ra33OYiAka9
Referer: https://e.dxy.cn/broadcast/my/info
Content-Length: 80
Cookie: _ga=GA1.2.1060500756.1551167330; _gid=GA1.2.754575247.1551167330; JUTE_BBS_DATA=468d0283c978f647baafac3640c770dd2aa5da94bc74a1b446454d24a95d73af2871dace5332d3a7b837df5cf119bcf072c2e546db6ae4b6a20263cc55b0dc7c0c3a0283673a8b2cefb17a58c9372082; route_e_broadcast=e49be6a222ecd36085950f667b0f5a8e; PHPSESSID=hn2enr413f1l32rt044fr2ssmpkj6jq7; XSRF-TOKEN=nM28ZosriejdFoCVNTR0v3C98YzN1Ra33OYiAka9; dxy_session=WkmMYza7i0khDNJXIapui8nIA4VTZhcIAbFfQsvo; Hm_lvt_585d79beabf9368e8c8bdcc5a01b3940=1551167386; Hm_lpvt_585d79beabf9368e8c8bdcc5a01b3940=1551167386; DXY_USER_GROUP=60; JUTE_TOKEN=23b5b865-4a56-42ad-b098-17cdbb1c4a28
Connection: close
type=verify&phone=13888888888&formtoken=mh99xIcgSbHmUSyJOsCJsICPjMnJOjOBp8oPGdco
Second response
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 26 Feb 2019 07:56:53 GMT
Content-Type: application/json
Connection: close
Vary: Accept-Encoding
Cache-Control: private, must-revalidate
pragma: no-cache
expires: -1
Set-Cookie: XSRF-TOKEN=nM28ZosriejdFoCVNTR0v3C98YzN1Ra33OYiAka9; expires=Wed, 13-Mar-2019 07:56:53 GMT; Max-Age=1296000; path=/
Set-Cookie: dxy_session=WkmMYza7i0khDNJXIapui8nIA4VTZhcIAbFfQsvo; path=/
X-Frame-Options: SAMEORIGIN
Content-Length: 72
{"code":0,"msg":"success","data":{"message":"\u53d1\u9001\u6210\u529f"}}
This is an SMS-sending interface: the first request fetches a formtoken, and the second request then calls the SMS API with that token (the response body "\u53d1\u9001\u6210\u529f" is "sent successfully"). Because the token is handed out to whoever asks and is consumed in the very next request, the obvious way to handle it while testing is the Macros feature in Burp Suite, which replays the token-fetching request before each send and copies the fresh value into the second request.
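The reason the macro works is that the formtoken proves nothing about the caller: the same session mints it and spends it. As an added example (a constructed Python model, not DXY's code), this is how the server side should treat such a token, bound to the session and single-use, together with a per-phone rate limit, which is the control that actually stops an automated fetch-then-send loop:

```python
import secrets
import time
from collections import defaultdict, deque

# Hypothetical server model of the two endpoints captured above:
#   /formtoken issues a token, /api-phoneCode spends it to send an SMS code.
class SmsGateway:
    def __init__(self, per_phone_limit=3, window_seconds=600, clock=time.time):
        self.tokens = {}                 # session_id -> set of unused tokens
        self.sent = defaultdict(deque)   # phone -> timestamps of accepted sends
        self.per_phone_limit = per_phone_limit
        self.window = window_seconds
        self.clock = clock               # injectable for deterministic tests

    def formtoken(self, session_id):
        """GET /formtoken: issue a random single-use token bound to the caller's session."""
        tok = secrets.token_urlsafe(30)
        self.tokens.setdefault(session_id, set()).add(tok)
        return {"code": 0, "msg": "success", "data": tok}

    def phone_code(self, session_id, phone, formtoken):
        """POST /api-phoneCode: consume the token, then enforce the per-phone limit."""
        unused = self.tokens.get(session_id, set())
        if formtoken not in unused:      # wrong session, unknown, or already spent
            return {"code": 1, "msg": "invalid or reused formtoken"}
        unused.discard(formtoken)        # single use: replaying the same token fails
        now = self.clock()
        recent = self.sent[phone]
        while recent and now - recent[0] > self.window:
            recent.popleft()             # drop sends outside the sliding window
        if len(recent) >= self.per_phone_limit:
            return {"code": 2, "msg": "too many codes for this number, try later"}
        recent.append(now)
        return {"code": 0, "msg": "success", "data": {"message": "sent"}}

def simulate_macro_loop(gateway, session_id, phone, attempts):
    """Mimic a Burp macro: fetch a fresh token before every send; count accepted sends."""
    accepted = 0
    for _ in range(attempts):
        tok = gateway.formtoken(session_id)["data"]
        if gateway.phone_code(session_id, phone, tok)["code"] == 0:
            accepted += 1
    return accepted
```

With the limit set to 3 per window, a 10-iteration macro loop against this model gets exactly 3 codes sent; the token check alone would have allowed all 10.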
Macros
[Figure: recording the macro]
[Figure: editing the macro]
[Figure: adding the new session-handling rule]
[Figure: result]