BURPSUIT DAY-2

STEP-1 Intercept the Login Request •Open the Target Website: Navigate to the login page of the target application in your browser. •Enable Interception: In Burp Suite, ensure the Intercept is on (Proxy -> Intercept -> Intercept is on). •Submit Login Request: Enter any credentials and submit the form. Burp Suite will capture the request.

STEP-2 Send Request to Intruder •Right-click the Request: In the Intercept tab, right-click the captured login request and select “Send to Intruder.” •Go to Intruder Tab: Navigate to the Intruder tab in Burp Suite.

STEP-3 Configure Intruder for Brute Force •Position the Payloads: In the Positions tab, clear the default positions and set the payload positions around the username and password parameters. •Add Payload Positions: Highlight the value of the username field and click “Add §” to mark it as a position. Repeat for the password field.

STEP-4 Set Payloads •Go to Payloads Tab: Switch to the Payloads tab. •Configure Payload Sets: Select the payload position you want to brute force (e.g., username or password). •Load Payload List: Choose a payload type (e.g., Simple list). Add a list of usernames or passwords you want to try. You can either manually enter them or load a list from a file.

STEP-5 Start the Attack •Begin Attack: Click the “Start Attack” button. Burp Suite will begin sending requests with the payloads you configured. •Monitor Responses: In the Intruder attack window, monitor the responses to identify successful logins. Look for differences in status codes, response lengths, or specific content indicating a successful login.

STEP-6 Analyze Results •Review Response: Look through the results to find successful attempts. The response length, status code, or specific response content can help identify a valid login. •Validate Findings: Once you identify potential successful credentials, manually verify them by attempting to log in with those credentials.