大学 macos MacOS虚拟机配置 CH0ico 2026-02-04 2026-02-04 环境信息
系统 : macOS 15.4 (Sequoia) - Darwin 24.5.0芯片 : Apple Silicon (ARM64)架构 : ARM64_T8132 (M4)
第一部分:安装软件 1. 安装 OrbStack 1 2 brew install --cask orbstack
启动 OrbStack,完成初始化(无需登录)。
2. 安装 Burp Suite (ARM64 原生版) 1 2 3 4 5 6 open https://portswigger.net/burp/communitydownload brew install --cask burp-suite
验证架构 (确保不是 Rosetta 转译):
1 2 3 file /Applications/Burp\ Suite\ Community\ Edition.app/Contents/MacOS/JavaApplicationStub
第二部分:配置 Burp Suite 1. 启动并设置代理 1 2 open -a "Burp Suite Community Edition"
配置步骤 :
1 2 3 4 5 1. 点击 "Next" → "Start Burp"(使用默认配置) 2. Proxy → Options → Proxy Listeners → Edit - Bind to port: 8080 - Bind to address: All interfaces ✓ - 点击 "OK"
2. 导出 CA 证书(后续给 Kali 容器用) 1 2 3 Proxy → Options → Import/export CA certificate → Export → Certificate in DER format → 保存到: ~/Downloads/burp-ca.der
第三部分:配置 OrbStack Kali 容器 OrbStack Kali VM 完整配置方案
第一步:创建 Kali VM 也可以图形化创建
第二步:初始化配置(进入 VM) 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 orb / orb -m kali sudo passwd rootsudo apt update && sudo apt full-upgrade -ysudo apt install -y \ kali-linux-headless \ kali-tools-web \ kali-tools-vulnerability \ kali-tools-database \ xfce4 xfce4-goodies \ tigervnc-standalone-server tigervnc-viewer \ dbus-x11 \ firefox-esr \ ca-certificates \ curl wget nano vim \ net-tools iputils-ping sudo apt autoremove -y && sudo apt clean
第三步:配置 Burp 代理 1 2 3 4 5 6 7 8 9 10 11 sudo tee /etc/profile.d/burp-proxy.sh > /dev/null << 'EOF' export http_proxy=http://host.orb.internal:8080export https_proxy=http://host.orb.internal:8080export HTTP_PROXY=http://host.orb.internal:8080export HTTPS_PROXY=http://host.orb.internal:8080export no_proxy=localhost,127.0.0.1,::1EOF source /etc/profile.d/burp-proxy.sh
第四步:安装 Burp CA 证书 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 orb -m kali sudo apt install -y ca-certificates openssl libnss3-toolssudo openssl x509 -in /tmp/burp-ca.der -out /usr/local/share/ca-certificates/burp.crt -inform DERsudo update-ca-certificatesmkdir -p ~/.mozilla/firefox-esr/defaultcertutil -A -n "PortSwigger CA" -t "C,," -i /usr/local/share/ca-certificates/burp.crt -d ~/.mozilla/firefox-esr/default 2>/dev/null || true if [ -d /usr/lib/jvm ]; then for js in /usr/lib/jvm/*/bin/keytool; do sudo "$js " -import -alias burp -keystore "$(dirname "$js " ) /../lib/security/cacerts" \ -file /usr/local/share/ca-certificates/burp.crt -storepass changeit -noprompt 2>/dev/null || true done fi rm /tmp/burp-ca.der
第五步:配置 VNC 服务 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 mkdir -p ~/.vncecho 'kali' | vncpasswd -f > ~/.vnc/passwdchmod 600 ~/.vnc/passwdcat > ~/.vnc/xstartup << 'EOF' unset SESSION_MANAGERunset DBUS_SESSION_BUS_ADDRESSexec startxfce4EOF chmod +x ~/.vnc/xstartupsudo tee /etc/systemd/system/vncserver@.service > /dev/null << 'EOF' [Unit] Description=Remote desktop service (VNC) After=syslog.target network.target [Service] Type=forking User=%I ExecStart=/usr/bin/vncserver :1 -geometry 1440x900 -depth 24 -localhost no ExecStop=/usr/bin/vncserver -kill :1 [Install] WantedBy=multi-user.target EOF vncserver :1 -geometry 1440x900 -depth 24 -localhost no mv ~/.vnc ~/.config/tigervnc 2>/dev/null || mkdir -p ~/.config/tigervnccp ~/.config/tigervnc/passwd ~/.vnc/passwd 2>/dev/null || true mkdir -p ~/.config/tigervnccp ~/.vnc/xstartup ~/.config/tigervnc/xstartup 2>/dev/null || cat > ~/.config/tigervnc/xstartup << 'EOF' unset SESSION_MANAGERunset DBUS_SESSION_BUS_ADDRESSexec startxfce4EOF chmod +x ~/.config/tigervnc/xstartupecho 'kali' | vncpasswd -f > ~/.config/tigervnc/passwdchmod 600 ~/.config/tigervnc/passwdvncserver :1 -geometry 1440x900 -depth 24 -localhost no vncserver -list vncserver -kill :1
第六步:网络配置(关键) 1 2 3 4 5 6 ip addr show | grep inet curl -I http://host.orb.internal:8080 curl -I https://httpbin.org/ip
发现cutecloud居然ban了内网ip
第七步:macOS 控制脚本 创建 ~/security/kali-web-control.sh
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 #!/bin/bash VM_NAME="kali-web" BURP_APP="Burp Suite Community Edition" VNC_PASS="kali" check_burp pgrep -f "Burp Suite" > /dev/null } start_burp if ! check_burp; then echo "[+] 启动 Burp Suite..." open -a "$BURP_APP " sleep 4 echo "[*] 等待 Burp 初始化..." sleep 2 else echo "[*] Burp Suite 已在运行" fi } get_vm_ip orb ssh "$VM_NAME " -c "ip addr show eth0 | grep 'inet ' | awk '{print \$2}' | cut -d/ -f1" 2>/dev/null } case "$1 " in start) start_burp echo "[+] 启动 Kali VM..." orb start "$VM_NAME " echo "[*] 等待 VNC 服务..." sleep 3 VM_IP=$(get_vm_ip) echo "[*] VM IP: $VM_IP " echo "[+] 打开 VNC Viewer..." open "vnc://${VM_IP} :5901" echo "[✓] 环境就绪" echo " Burp Proxy: http://host.orb.internal:8080" echo " VNC 地址: vnc://${VM_IP} :5901" echo " VNC 密码: $VNC_PASS " echo "" echo " 进入终端: orb ssh $VM_NAME " ;; stop) echo "[*] 停止 Kali VM..." orb stop "$VM_NAME " echo "[✓] 已停止" ;; restart) $0 stop sleep 2 $0 start ;; ssh) orb ssh "$VM_NAME " ;; status) echo "=== 环境状态 ===" echo "Burp Suite: $(check_burp && echo "运行中 ✓" || echo "未运行" ) " echo "VM 状态: $(orb list | grep "$VM_NAME " | awk '{print $2, $3}') " if check_burp; then echo "代理监听: $(lsof -i :8080 | grep LISTEN | head -1 | awk '{print $1, $2}') " fi ;; install-ca) echo "[*] 安装 Burp CA 证书到 VM..." if [ ! -f ~/Downloads/burp-ca.der ]; then echo "[!] 错误: 未找到 ~/Downloads/burp-ca.der" echo " 请先在 Burp 中导出 CA 证书" exit 1 fi orb cp ~/Downloads/burp-ca.der "$VM_NAME :/tmp/burp-ca.der" orb ssh "$VM_NAME " -c ' sudo openssl x509 -in /tmp/burp-ca.der -out /usr/local/share/ca-certificates/burp.crt -inform DER sudo update-ca-certificates rm /tmp/burp-ca.der echo "[✓] 证书安装完成" ' ;; *) echo "用法: $0 {start|stop|restart|ssh|status|install-ca}" echo "" echo "命令说明:" echo " start - 启动 Burp 和 Kali VM,打开 VNC" echo " stop - 停止 Kali VM" echo " restart - 重启整个环境" echo " ssh - 进入 Kali 终端" echo " status - 查看环境状态" echo " install-ca - 重新安装 Burp CA 证书" exit 1 ;; esac
1 2 3 4 chmod +x ~/security/kali-web-control.shsudo ln -s ~/security/kali-web-control.sh /usr/local/bin/kali-web
第八步:工具使用 基本操作 1 2 3 4 5 6 7 8 9 10 11 kali start kali stop kali ssh kali status
VM 内工具代理测试 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 kali ssh curl -I http://httpbin.org/ip curl -I https://httpbin.org/ip sqlmap -u "http://target.com?id=1" --batch nmap --script http-title --proxies http://host.orb.internal:8080 target.com ffuf -u http://target.com/FUZZ -w /usr/share/wordlists/dirb/common.txt gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt
文件共享 1 2 3 4 5 6 7 kali-web ssh ls ~/mac/ ls ~/mac/security/
故障排除
问题
解决
VNC 连不上
kali-web ssh → sudo systemctl restart vncserver@$(whoami)
代理不通
确认 Burp 绑定了 “All interfaces”,检查 host.orb.internal 解析
证书错误
运行 kali-web install-ca 重新安装
VM 启动慢
orb stop kali-web && orb start kali-web 硬重启
网络不通
orb ssh kali-web → sudo dhclient -r && sudo dhclient
完整配置验证 1 2 3 4 5 6 7 echo "=== OrbStack Kali VM 配置检查 ===" echo "1. OrbStack 版本:" && orb versionecho "2. VM 列表:" && orb listecho "3. VM 详情:" && orb config kali-web show 2>/dev/null || echo "使用默认配置" echo "4. Burp 运行状态:" && (pgrep -f "Burp Suite" > /dev/null && echo "运行中" || echo "未运行" )echo "5. 代理端口:" && lsof -i :8080 | grep LISTEN | head -1
