BURP SUITE - itzdharanish/Cyber-Security-Placement-Training GitHub Wiki

# DAY 2

## Burp Suite Bruteforcing

• Burp Suite is a tool used for capturing and manipulating the HTTP traffic between a browser and a web server.

• This technique is used for performing a brute-force attack.

Step: 1

Open the Burp Suite Community Edition tool from the menu.


Step: 2

Then go to the Proxy tab and click “Open browser”. Turn intercept off and browse to Testfire.net.


Step: 3

Open the signup tab and enter “TEST” as the username. We don't know the password, so enter any random password. Now we perform a brute-force attack to get the password.


Step: 4

Before clicking login, open the Proxy tab, turn intercept on, and capture the HTTP request.


Step: 5

Right-click the request, select “Send to Intruder”, and move to the Intruder tab.


Step: 6

Select the password and click the “Add” button. Before adding the payloads, you should download the XSS payload from GitHub.


Step: 7

Add the payloads.

Step: 8

Start the attack by clicking “Start Attack”. The correct password is the one for which the status code changes.
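
Seen from the server side, the Intruder run above is a burst of login POSTs from one source, ending in a response whose status differs from the rest. The following is an added example (not part of the original wiki) that flags that pattern in access logs; the log format, the `/login` path, the window and the threshold are assumptions, and the log lines are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumptions, not from the page: log format, login path, window, threshold.
LOGIN_PATH = "/login"
WINDOW = timedelta(seconds=60)
THRESHOLD = 5
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed sample: one source sends 7 login POSTs in 7 seconds (six 200s,
# then a 302); another user mistypes once and then logs in minutes later.
SAMPLE_LOG = [
    f'203.0.113.7 - - [01/Jan/2024:14:10:{s:02d} +0000] "POST /login HTTP/1.1" {c} 512'
    for s, c in enumerate([200, 200, 200, 200, 200, 200, 302])
] + [
    '198.51.100.20 - - [01/Jan/2024:14:09:00 +0000] "POST /login HTTP/1.1" 200 512',
    '198.51.100.20 - - [01/Jan/2024:14:12:30 +0000] "POST /login HTTP/1.1" 302 0',
    '198.51.100.20 - - [01/Jan/2024:14:12:31 +0000] "GET /main HTTP/1.1" 200 2048',
]

def parse(lines):
    """Yield (ip, timestamp, status) for POSTs to the login endpoint only."""
    for line in lines:
        m = LINE_RE.match(line)
        if m and m["method"] == "POST" and m["path"] == LOGIN_PATH:
            ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
            yield m["ip"], ts, int(m["status"])

def detect(lines):
    """Return {ip: {attempts, status_changed}} for sources over THRESHOLD."""
    by_ip = defaultdict(list)
    for ip, ts, status in parse(lines):
        by_ip[ip].append((ts, status))
    findings = {}
    for ip, events in by_ip.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Slide the window so it never spans more than WINDOW.
            while events[end][0] - events[start][0] > WINDOW:
                start += 1
            burst = events[start:end + 1]
            if len(burst) >= THRESHOLD:
                prev = findings.get(ip, {"attempts": 0, "status_changed": False})
                # A differing status inside a burst suggests one guess succeeded.
                changed = len({s for _, s in burst}) > 1
                findings[ip] = {"attempts": max(prev["attempts"], len(burst)),
                                "status_changed": prev["status_changed"] or changed}
    return findings
```

A finding with `status_changed` set is the higher-priority alert, since it means the burst may have ended in a valid login.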