Brute Force Login Using Burp Suite Intruder
tools: Burp Suite & Iceweasel
web app: Mutillidae
Here I use Burp Suite Intruder to brute force the login of the admin user (remember, we enumerated this in an earlier video).
Here is the full video of how to brute force a login using Burp Suite:
- ensure proxy is working
- capture a known bad request
- right click on the request and send it to Burp Intruder
- set payload position
- load payloads
- attack
- a response code of 302 indicates that a successful password has been found
- the response length also differs from that of unsuccessful logins; for example, in the video unsuccessful logins have a length of 48669 (in Mutillidae via Burp Suite)
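
The same signal is visible from the server side: a run of non-redirect responses to login POSTs from one client, ending in a 302. The detector below is an added example, not part of the original post or of Burp Suite. The log lines, client IPs, the 302 byte count, the login path marker and the threshold are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample access log (Apache-style). IPs, timestamps, the 302 size
# and the login path are assumptions for illustration, not data from the post.
def _line(ip, sec, status, size):
    return (f'{ip} - - [01/Jan/2024:10:00:{sec:02d} +0000] '
            f'"POST /mutillidae/index.php?page=login.php HTTP/1.1" {status} {size}')

SAMPLE_LOG = "\n".join(
    [_line("10.0.0.5", s, 200, 48669) for s in range(6)]  # six failed guesses
    + [_line("10.0.0.5", 6, 302, 362),    # then a redirect: a guess succeeded
       _line("10.0.0.9", 7, 200, 48669),  # ordinary user: one typo...
       _line("10.0.0.9", 8, 302, 362)]    # ...followed by a normal login
)

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

def detect_bruteforce(log_text, login_marker="page=login.php", threshold=5):
    """Flag clients with >= threshold consecutive failed login POSTs.

    A failed login is any non-302 response to a login POST; a 302 that ends
    such a streak marks the account as likely compromised.
    """
    streak = defaultdict(int)   # current run of failures per client IP
    alerts = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST" or login_marker not in m["path"]:
            continue
        ip = m["ip"]
        if m["status"] == "302":
            if streak[ip] >= threshold:
                alerts[ip] = {"failures": streak[ip], "compromised": True}
            streak[ip] = 0      # a success ends the streak either way
        else:
            streak[ip] += 1
            if streak[ip] >= threshold:
                entry = alerts.setdefault(ip, {"failures": 0, "compromised": False})
                entry["failures"] = streak[ip]
    return alerts

if __name__ == "__main__":
    print(detect_bruteforce(SAMPLE_LOG))
```

Response size is deliberately not used here, because the length Burp reports and the byte count a web server logs are measured differently.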