1. Form-based brute force
First try a random login such as root / root, capture the request with Burp and send it to Intruder.
Mark the username and password parameters as the two payload positions and select the Cluster bomb attack type.
Load a dictionary for each of the username and password positions (payload type: Simple list), set the thread count to 1 and start the attack.
Sort the results by response length; the outlier reveals the valid account and password.
2. Bypassing the verification code (client-side)
Again attempt a login and capture the request with Burp.
Send it to Repeater, change the account and password, and click Go: the response is still "username or password is not exists".
Inspecting the front-end code shows the verification code is generated and checked in the browser. Because Burp sends the request behind the front end, that check is skipped entirely, so the request can go straight to Intruder for brute forcing.
This shows the verification code is never validated by the backend after submission; it is only checked on the client.
Brute forcing it:
Same steps as before, with only the username and password marked as variables; the verification code needs no handling.
Send to Intruder, add the dictionaries, run the attack and obtain the account password.
3. Bypassing the verification code (server-side)
Test the backend by submitting:
an empty verification code
an incorrect verification code
Both are rejected, so the backend does validate the code.
Next, check whether the verification code is refreshed after each attempt:
Get a new verification code, note it, and submit it to the backend repeatedly.
The response "username or password is not exists" shows the code passed validation again: the backend checks the code but does not refresh it, so a single captured code can be reused for every attempt.
4. Token anti-brute force?
Capturing the request with Burp shows that a token is verified.
Send it to Intruder, mark username, password and token as variables, and select the Cluster bomb attack type.
Add dictionaries for username and password, then under Options enable Grep - Extract and click Add.
Fetch a response, then select and copy the token value.
For the token variable select the payload type Recursive grep, and paste the copied token as the initial payload for the first request.
Set the thread count to 1 and start the attack.
Lab complete.
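Added example, not part of the lab: a small Python model of the backend checks that sections 2 to 4 probe. The weak handler checks the verification code but never refreshes it, so one captured code is replayable; the hardened handler consumes the code on every attempt, compares it in constant time, and locks the account after repeated failures, which is what actually stops the dictionary attack once the token is stripped. USERS, MAX_FAILURES and the session dict are constructed for the demo.

```python
import hmac
import secrets
import string

# Constructed demo credential store for the lab; a real app stores password hashes.
USERS = {"root": "root"}
MAX_FAILURES = 5            # lock the account after this many failed attempts
CAPTCHA_ALPHABET = string.ascii_uppercase + string.digits


def new_captcha(session):
    """Issue a fresh verification code; the expected value lives server-side only."""
    session["captcha"] = "".join(secrets.choice(CAPTCHA_ALPHABET) for _ in range(4))
    return session["captcha"]


def login_weak(session, username, password, captcha):
    """Weak backend from section 3: the code is checked but never refreshed,
    so one captured value can be replayed on every Intruder request."""
    expected = session.get("captcha")
    if expected is None or captcha.lower() != expected.lower():
        return "verification code error"
    if USERS.get(username) != password:
        return "username or password is not exists"
    return "login success"


def login_hardened(session, username, password, captcha):
    """Hardened backend: the code is consumed on every attempt (success or not),
    compared in constant time, and repeated failures lock the account."""
    expected = session.pop("captcha", None)   # single use, whatever the outcome
    new_captcha(session)                      # the client must fetch a new one
    if expected is None or not hmac.compare_digest(
            captcha.lower().encode(), expected.lower().encode()):
        return "verification code error"
    # Failure counts are kept in the session only to keep the demo self-contained;
    # a real app tracks them per account in server storage, since an attacker
    # can simply discard the session cookie.
    failures = session.setdefault("failures", {})
    if failures.get(username, 0) >= MAX_FAILURES:
        return "account locked"
    stored = USERS.get(username)
    if stored is None or not hmac.compare_digest(stored.encode(), password.encode()):
        failures[username] = failures.get(username, 0) + 1
        return "username or password is not exists"   # same message for both cases
    failures.pop(username, None)
    return "login success"
```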