Brute Forcing HTTP Basic authentication
Burp suite has always been used to burst a variety of forms used to submit the login authentication, today i am going guide you how to use Use the Burp Suite to brute force HTTP Basic authentication.
HTTP Basic authentication
HTTP Basic authentication is a simple request and response mechanism through which the server can request authentication information (user ID and password) from the client. The client passes the authentication information to the server in the Authorization header. The authentication information is basically 64-bit encoded.
Let us give an example below to specify, assuming that we request the user name and password are admin, you first need to Base64 user name and password encoding:
Base64('admin:admin') = YWRtaW46YWRtaW4=
Our authentication request is:
Authorization: Basic YWRtaW46YWRtaW4=
Client request instance:
GET / HTTP/1.1 Host: localhost Authorization: Basic YWRtaW46YWRtaW4=
If the authentication succeeds, the server returns
HTTP/1.1 200 OK Date: Sun, 05 Jun 2016 13:56:02 GMT Content-Type: application/json; charset=utf-8 Content-Length: 53
If the authentication fails returns
HTTP/1.1 401 Unauthorized Date: Sun, 05 Jun 2016 13:56:02 GMT status: 401 Unauthorized Content-Length: 53
Use the Burp suite for blasting
First of all, set the same proxy and then intercept the request sent to the Intruder, as shown below:
Then we choose Intruder
Authorization:Basic like behind the sections:
In the Payload Settings type select Custom iterator
Our authentication information is similar to
username:password the form shown we need to set up two Position in the Payload option, used between each Position
: separated. About adding
:there are two ways, the first is if you are only prepared to blast a single user, then the user can later name in the Position 1 on a direct added directly
:; Another way is when you are ready to blow up multiple users simultaneously, then you need to add a separator below, is added in “separator for position 1” in
Then set Position 2 is what we want to blasting the password, I am here to directly load the local password dictionary:
Then is the point, we want to add a rule in the Payload Processing, Burp suite will automatically make our user name password Base64 encoding. Click the add button and select Encode and Base64-encode:
To this end, because our Base64 encoding often end with an equal sign, here we need to cancel the bottom of the page Payload Encoding option to prevent the Burp suite to our encoded data in the equal sign in the URL encoding.
At this point, you can start the HTTP Basic authentication blasting, as the result of blasting it, it depends on the dictionary you use slightly, this completely reveled.