Shulou(Shulou.com)06/01 Report--

The basic Application of burpsuite-brute Force cracking

Log in to a site http://www.XXXX.cn/login.php and the registration page is as follows

1. Open the Proxy grab package and randomly (guess) try the username and password, which is shown as follows

2. Intruder intruder auto$ positions, remove the extra loading dictionary location, remove password username

Attack type-Battering (one dictionary matches both load locations)

3.Payload Set-type-rumtime file (choose to load your own dictionary), payload option load your own dictionary (English subdirectory, English file name)

4.start-attack

5. Look for different length values for comparison, there are obviously 1691 and 1427 here, right-click send-to-comparer (response)

Click word in the lower corner to see the comparison, as follows

The COOKIE value appears, indicating that 111111 is the password (and also the user name).

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.