Authentication lab setup & writeups

Lab setup

Coming soon

Labs list

Username enumeration via different responses

PortSwigger | free | easy | link to lab

1. Send a login request, capture it in BURP and send to intruder

2. Mark the payload areas for the username and password in the body of the request


3. Select 'Cluster Bomb'

4. In payloads, load in the provided username list for the first list, and the provided passwords list for the second list

5. Click 'Start Attack'

6. Order the results by Status code or length to view the valid credentials

7. Use these credentials to login and solve the lab

Last updated