O'Reilly logo

Kali Linux Web Penetration Testing Cookbook by Gilberto Nájera-Gutiérrez

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Dictionary attacks on login pages with Burp Suite

Burp Suite's Intruder has the ability to perform fuzzing and bruteforce attacks against as many parts of an HTTP request as we want to; it is particularly useful when performing dictionary attacks against login pages.

In this recipe, we will use Burp Suite's Intruder with the dictionary we generated in Chapter 2, Reconnaissance, to gain access through a login.

Getting ready

Having a password list is necessary for this recipe, it can be a simple word list from the language the target is in, a list of the most common passwords, or the list we generated in the Using John the Ripper to generate a dictionary recipe in Chapter 2, Reconnaissance.

How to do it...

  1. The first step is to set up Burp Suite as a ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required