Using Burp Intruder for customized attack automation
In this recipe, we will how we can use Burp Intruder to perform application login and directory bruteforce. The intruder can be used in any scenario where bruteforcing needs to done and can be customized as per your requirement.
Getting ready
To step through this recipe, you will need Kali Linux running on Oracle Virtualbox and an Internet connection. No other prerequisites are required.
How to do it...
For this recipe, you need to perform the following steps:
- Open the
Damn Vulnerable Web Application
page in the browser and traverse to theBrute Force
section, as shown in the following screenshot:
- Intercept the using Burp, as in the following screenshot:
- As shown earlier, send this request to the intruder within Burp, select the
Intruder
tab, and then select thePositions
subtab, as shown in the following screenshot:
- To use intruder to a common username and password, we will need to select only and password; the rest of the highlighted...