Information security technology experiment: using Burp Suite to crack a website's admin login password

1. Purpose of the experiment

1. Understand the principle of website brute force cracking.
2. Learn the process of cracking the admin (back-end) password, and improve security awareness in system development.

2. Experimental content and design ideas

Use Burp Suite to brute-force the admin login password of the website.

3. Experimental use environment


4. Experimental steps and debugging process

First, start the virtual machine and log in. Its local IP address is 192.168.75.130.

Then add the virtual port: 192.168.75.70:80

Open the following URL to reach the login page. Logging in with the account pablo and the password LinChuanTao fails:
http://192.168.75.130/dvwa/login.php

Then set the browser's proxy server to 127.0.0.1:8080 (Firefox is used here).

Next, launch and activate Burp Suite, and confirm that activation succeeded.

After setting the IP address, turn on interception and enter the account pablo and the password LinChuanTao in the browser. The intercepted request shows the submitted account and password.

Then brute-force the password using a dictionary.

After the run finishes, the response for the password "letmein" has a Location of index.php, which means the login succeeded, while the responses for the other passwords still point to login.php. The password is therefore letmein.

Turn off interception in Burp Suite, then log in with the account pablo and the password letmein. The login succeeds, which confirms the cracked password.
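The signal used above to read the results (a failed login redirects back to login.php, a successful one to index.php) is also what a defender can alert on. The following detection sketch is an added example, not part of the original experiment; the log format, the client addresses, the user alice and the thresholds are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed log format: "<ISO timestamp> src=<ip> user=<name> location=<redirect>"
LINE_RE = re.compile(r"^(\S+) src=(\S+) user=(\S+) location=(\S+)$")

def build_sample_log():
    """Constructed events: 7 rapid failures then a success from one source,
    plus one ordinary user who mistypes once. Not data from the original page."""
    t0 = datetime(2022, 9, 10, 10, 0, 0)
    fmt = "{} src={} user={} location={}"
    lines = [fmt.format((t0 + timedelta(seconds=i)).isoformat(), "192.168.75.1",
                        "pablo", "login.php") for i in range(7)]
    lines.append(fmt.format((t0 + timedelta(seconds=7)).isoformat(),
                            "192.168.75.1", "pablo", "index.php"))
    lines.append(fmt.format((t0 + timedelta(seconds=30)).isoformat(),
                            "192.168.75.20", "alice", "login.php"))
    lines.append(fmt.format((t0 + timedelta(seconds=40)).isoformat(),
                            "192.168.75.20", "alice", "index.php"))
    lines.append("garbage line that does not parse")
    return "\n".join(lines)

def detect_bruteforce(log_text, max_failures=5, window=timedelta(seconds=60)):
    """Flag (source, account) pairs with more than max_failures failed logins
    inside the sliding window; note whether a successful login followed."""
    recent = defaultdict(deque)  # (src, user) -> timestamps of recent failures
    alerts = {}                  # (src, user) -> alert record
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # ignore malformed lines rather than abort the scan
        ts = datetime.fromisoformat(m.group(1))
        key = (m.group(2), m.group(3))
        if m.group(4) == "login.php":      # redirect back to the form: failure
            q = recent[key]
            q.append(ts)
            while ts - q[0] > window:      # drop failures older than the window
                q.popleft()
            if len(q) > max_failures and key not in alerts:
                alerts[key] = {"src": key[0], "user": key[1],
                               "alerted_at": ts, "success_after": False}
        elif m.group(4) == "index.php" and key in alerts:
            alerts[key]["success_after"] = True   # password was likely guessed
    return list(alerts.values())

if __name__ == "__main__":
    for alert in detect_bruteforce(build_sample_log()):
        print(alert)
```

An alert with `success_after` set is the case to prioritise: the account should be treated as compromised and its password reset.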

5. Experimental summary

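Through this experiment, I gained a deeper understanding of the importance of network security. Cracking the password made me realize that websites also have flaws, and that we need to keep up our network security work at all times. We also ran into some problems during the experiment, but in later study we kept learning and solved them by discussing with each other and looking up the relevant knowledge with Internet tools, which laid a good foundation for our further study of information security technology.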

Origin blog.csdn.net/qq_43605229/article/details/126804677