• What is an intruder
  • Step by step procedure
  • Hacking a login page using burp suite




    Date: 10.01.2024
    Linux This Book Includes 4 Manuscripts The Underground Bible

    Hacking a login page using Burp Suite:
    1) First, start the intercepting proxy and enter the URL in your browser.
    When you press Enter, the request appears in the Burp Suite Proxy tab.
    Looking at the GET request, you can see that the browser is asking Burp
    Suite to accept the request and send it on to the original server. While
    this happens, the Burp console stores the request and response
    information.
    2) A website consists of many subdomains, which can become a problem when
    we intercept through a proxy: many unnecessary requests are processed and
    make the console tab chaotic. For this reason, Burp Suite provides a
    scoping tool that lets us select the main domain for testing purposes. All
    out-of-scope subdomains are filtered out and are not sent through the
    proxy service.
    3) Now accept all the requests sent by the browser. Go back to the browser
    and the homepage will be displayed. This homepage has a login form, and we
    need to brute force it with payloads, hoping for a successful crack.
    4) Look at the requests that have been captured and you will see that all
    of them are GET requests, which the client uses to let the server know
    that it is asking for information. We will now use Intruder, a tool in
    Burp Suite, to brute force payloads against the login form.
    What is an intruder?
    In common usage, an intruder is an anonymous person who enters a house
    without permission or to steal. This is exactly how Intruder works. When
    we use this tool, Burp Suite sends requests quickly and anonymously so
    that the system won't detect them as malicious.
    Step by step procedure 


    1) Enter some fake data in both the username and password fields and send
    it through the proxy server. With this procedure, all the data is sent and
    the request will be a POST request. POST is an HTTP request category in
    which the arguments are sent along with the request.
    2) Now select all the POST requests and send them to the Intruder tab. In
    the Intruder tab, you can mark the entered username and password arguments
    using a dollar sign. Once the arguments are highlighted, the user can
    select the payload procedure type. There are several procedures, such as
    single hammer, cluster bomb, and pitchfork.
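
Seen from the defending side, the Intruder run set up in the steps above reaches the application as a burst of failed POST logins from one client. The following Python detector is an added example, not code from the book; the log format, the /login path, the 401 status for a failed login and the threshold are assumptions, and the log lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines; the log format itself is an assumption.
SAMPLE_LOG = """\
2024-01-10T09:00:00 198.51.100.4 POST /login user=alice status=401
2024-01-10T09:00:01 203.0.113.7 POST /login user=admin status=401
2024-01-10T09:00:01 203.0.113.7 POST /login user=admin status=401
2024-01-10T09:00:02 203.0.113.7 POST /login user=admin status=401
2024-01-10T09:00:02 203.0.113.7 POST /login user=root status=401
2024-01-10T09:00:03 203.0.113.7 POST /login user=root status=401
2024-01-10T09:00:03 203.0.113.7 POST /login user=root status=401
2024-01-10T09:00:09 198.51.100.4 POST /login user=alice status=302
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<ip>\S+) POST /login user=(?P<user>\S+) status=(?P<status>\d{3})$"
)

def detect_bruteforce(log_text, max_failures=5, window=timedelta(seconds=60)):
    """Return {ip: sorted usernames tried} for clients with more than
    max_failures failed logins (status 401) inside one sliding window.
    Lines are assumed to be in chronological order."""
    recent = defaultdict(deque)   # ip -> timestamps of failures still in window
    users = defaultdict(set)      # ip -> usernames seen in failed attempts
    flagged = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m["status"] != "401":
            continue              # ignore other traffic and successful logins
        ts, ip = datetime.fromisoformat(m["ts"]), m["ip"]
        q = recent[ip]
        q.append(ts)
        users[ip].add(m["user"])
        while q and ts - q[0] > window:
            q.popleft()           # drop failures that fell out of the window
        if len(q) > max_failures:
            flagged[ip] = sorted(users[ip])
    return flagged

if __name__ == "__main__":
    for ip, tried in detect_bruteforce(SAMPLE_LOG).items():
        print(f"{ip}: repeated failed logins for accounts {tried}")
```

A single mistyped password followed by a successful login, as for the 198.51.100.4 client in the sample, stays below the threshold and is not reported.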
