Bruteforce using Burp

To test your webform security using Burp intruder, follow these steps:

1- Attempt to login

2- Go to proxy History Tab

3- Find the POST request

4- Send to intruder

5- Use Cluster Bomb payload

6- Clear all payloads positions

7- Mark username and password fields as payload positions

8- Go to payloads tab

9- Set payload set 1 to your username list

10- Set payload set 2 to your passwords list

11- Click on the intruder menu

12- Select Start Attack

13- Look for different lengths or grep possible successful auth messages under options

It's only fair to share...Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedIn