Dictionary attacks on login pages with Burp Suite

Burp Suite's Intruder has the ability to perform fuzzing and bruteforce attacks against as many parts of an HTTP request as we want to; it is particularly useful when performing dictionary attacks against login pages.

In this recipe, we will use Burp Suite's Intruder with the dictionary we generated in Chapter 2, Reconnaissance, to gain access through a login.

Getting ready

Having a password list is necessary for this recipe, it can be a simple word list from the language the target is in, a list of the most common passwords, or the list we generated in the Using John the Ripper to generate a dictionary recipe in Chapter 2, Reconnaissance.

How to do it...

The first step is to set up Burp Suite as a ...

Get Kali Linux Web Penetration Testing Cookbook now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Kali Linux Web Penetration Testing Cookbook by Gilberto Nájera-Gutiérrez

Dictionary attacks on login pages with Burp Suite

Getting ready

How to do it...

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly