Authentication lab setup & writeups

Lab setup

Coming soon

Labs list

Username enumeration via different responses

PortSwigger | free | easy | link to lab

Solution
1. Send a login request, capture it in Burp and send it to Intruder

2. Mark the payload areas for the username and password in the body of the request

username=§test§&password=§test§

3. Select 'Cluster Bomb'

4. In payloads, load in the provided username list for the first list, and the provided passwords list for the second list

5. Click 'Start Attack'

6. Sort the results by status code or response length to pick out the valid credentials

7. Use these credentials to log in and solve the lab
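The lab works because the login handler answers a bad username and a bad password with different responses, which is exactly what sorting by status code or length in step 6 picks up. The following Python is an added example, not code from the lab or from PortSwigger: a constructed login handler that leaks the difference, next to a fixed version that returns one uniform failure response, and a check modelled on step 6 that compares status code and body length. The user store, salt and credentials are constructed sample values.

```python
import hashlib
import hmac

# Constructed sample user store (hypothetical): username -> salted SHA-256 digest.
_SALT = b"constructed-static-salt"


def _hash(password: str, salt: bytes = _SALT) -> bytes:
    return hashlib.sha256(salt + password.encode()).digest()


USERS = {"alice": _hash("s3cret-sample")}  # constructed sample account


def login_vulnerable(username: str, password: str) -> tuple[int, str]:
    """Leaks account existence: the failure message depends on why login failed."""
    stored = USERS.get(username)
    if stored is None:
        return 200, "Invalid username"
    if not hmac.compare_digest(stored, _hash(password)):
        return 200, "Incorrect password"
    return 302, "Login successful"


def login_fixed(username: str, password: str) -> tuple[int, str]:
    """Same status, same message and same length whatever the failure cause."""
    stored = USERS.get(username)
    candidate = _hash(password)
    # Hash and compare even for unknown users so the work done is the same on both paths.
    ok = stored is not None and hmac.compare_digest(stored, candidate)
    if not ok:
        return 200, "Invalid username or password"
    return 302, "Login successful"


def responses_distinguishable(login, known_user: str, unknown_user: str) -> bool:
    """Step 6 as a check: do a wrong password for a real user and for a
    non-existent user produce a different status code or body length?"""
    status_known, body_known = login(known_user, "wrong-password")
    status_unknown, body_unknown = login(unknown_user, "wrong-password")
    return (status_known, len(body_known)) != (status_unknown, len(body_unknown))
```

Running `responses_distinguishable` against the two handlers shows the vulnerable one can be told apart by length alone, while the fixed one cannot.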
