Brute Forcing HTTP Basic authentication

Brute Forcing HTTP Basic authentication

Burp suite has always been used to burst a variety of forms used to submit the login authentication, today i am going guide you how to  use Use the Burp Suite to brute force HTTP Basic authentication.

HTTP Basic authentication

HTTP Basic authentication is a simple request and response mechanism through which the server can request authentication information (user ID and password) from the client. The client passes the authentication information to the server in the Authorization header. The authentication information is basically 64-bit encoded.
Let us give an example below to specify, assuming that we request the user name and password are admin, you first need to Base64 user name and password encoding:

Base64('admin:admin') = YWRtaW46YWRtaW4=  

Our authentication request is:

Authorization: Basic YWRtaW46YWRtaW4=  

Client request instance:

GET / HTTP/1.1  
Host: localhost  
Authorization: Basic YWRtaW46YWRtaW4=  

If the authentication succeeds, the server returns 200a response:

HTTP/1.1 200 OK  
Date: Sun, 05 Jun 2016 13:56:02 GMT  
Content-Type: application/json; charset=utf-8  
Content-Length: 53  

If the authentication fails returns 401the response:

HTTP/1.1 401 Unauthorized  
Date: Sun, 05 Jun 2016 13:56:02 GMT  
status: 401 Unauthorized  
Content-Length: 53  

Use the Burp suite for blasting

First of all, set the same proxy and then intercept the request sent to the Intruder, as shown below:

Then we choose Intruder Authorization:Basic like behind the sections:

In the Payload Settings type select Custom iterator

Our authentication information is similar to username:password the form shown we need to set up two Position in the Payload option, used between each Position separated. About adding :there are two ways, the first is if you are only prepared to blast a single user, then the user can later name in the Position 1 on a direct added directly :; Another way is when you are ready to blow up multiple users simultaneously, then you need to add a separator below, is added in “separator for position 1” in :.

Then set Position 2 is what we want to blasting the password, I am here to directly load the local password dictionary:

Then is the point, we want to add a rule in the Payload Processing, Burp suite will automatically make our user name password Base64 encoding. Click the add button and select Encode and Base64-encode:

To this end, because our Base64 encoding often end with an equal sign, here we need to cancel the bottom of the page Payload Encoding option to prevent the Burp suite to our encoded data in the equal sign in the URL encoding.

At this point, you can start the HTTP Basic authentication blasting, as the result of blasting it, it depends on the dictionary you use slightly, this completely reveled.