This payload allows you to configure large list of strings which overcomes the simple list payload type.įirst, we have intercepted the request of the login page in the DVWA LAB, where we have given a random username and a random password. This type of payload is needed when we require a large list of payloads, to avoid holding the entire list in memory. This type of payload allows you to configure a file which reads the payload strings at runtime. We will see a message “Welcome to the password protected area admin” which shows are success in the simple list payload attack. The moment it will find the correct value, it will change the value of length as shown.Īnd to confirm the username and password matched, we will give the matched username and password in the DVWA LAB login page. Now the burp suite will do its work, match the valid combination of username and password and will give you the correct password and username. Select Start Attack in the Intruder menu as shown in the image. Now select 2 in the Payload set and again give the dictionary file for the password. Then click on Load button and select your dictionary file for username. So now, go to Payloads tab and the select 1 from Payload set (this ‘1’ denotes the first file to be selected). one for username and second for password.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |