Basic use of Burp Suite: brute force
The target is the login page of a site, http://www.XXXX.cn/login.php.
1. Turn on proxy interception, then try a random (guessed) user name and password so that the login request is captured.
2. Send to Intruder. Under Intruder > Positions, remove the extra payload positions and leave markers (Auto §) only on the password and user name. Set Attack type to Battering ram (one dictionary is applied to both payload positions simultaneously).
3. Under Payload set, set the type to Runtime file (this lets you load your own dictionary), then under Payload options load your own dictionary (the directory and the file name must be in English).
4. Start attack.
5. Look for a Length value that differs from the others. Two values clearly stand out, 1691 and 1427; right-click and choose Send to Comparer (response) to compare them.
In the lower corner, click Words to see the comparison.
A cookie value appears in the response, indicating that 111111 is the password (and also the user name).
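Seen from the server side, the same run leaves a burst of login POSTs from one client with one response size that differs from the rest. The following detection sketch is an added example, not part of the original post; the log format, the IP addresses, the thresholds and the function name find_guessing_bursts are assumptions, and the sample lines are constructed.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample (combined-log style: client, time, request, status, bytes).
# 1427 and 1691 reuse the two lengths from the walk-through for illustration.
SAMPLE_LOG = """\
203.0.113.7 - - [03/Jan/2016:10:49:01 +0800] "POST /login.php HTTP/1.1" 200 1427
203.0.113.7 - - [03/Jan/2016:10:49:02 +0800] "POST /login.php HTTP/1.1" 200 1427
203.0.113.7 - - [03/Jan/2016:10:49:03 +0800] "POST /login.php HTTP/1.1" 200 1427
203.0.113.7 - - [03/Jan/2016:10:49:04 +0800] "POST /login.php HTTP/1.1" 200 1691
203.0.113.7 - - [03/Jan/2016:10:49:05 +0800] "POST /login.php HTTP/1.1" 200 1427
203.0.113.7 - - [03/Jan/2016:10:49:06 +0800] "POST /login.php HTTP/1.1" 200 1427
198.51.100.20 - - [03/Jan/2016:09:00:00 +0800] "POST /login.php HTTP/1.1" 200 1427
198.51.100.20 - - [03/Jan/2016:09:05:00 +0800] "POST /login.php HTTP/1.1" 200 1691
"""
LINE = re.compile(r'(\S+) \S+ \S+ \[([^\]]+)\] "POST (\S+) [^"]*" \d{3} (\d+)')

def find_guessing_bursts(log_text, path="/login.php", min_attempts=5,
                         window=timedelta(seconds=60)):
    """Flag clients sending >= min_attempts login POSTs inside one window."""
    by_ip = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE.match(line)
        if m and m.group(3).split("?")[0] == path:
            when = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
            by_ip[m.group(1)].append((when, int(m.group(4))))
    findings = {}
    for ip, hits in by_ip.items():
        hits.sort()
        start = best = 0
        for end in range(len(hits)):  # sliding window over sorted timestamps
            while hits[end][0] - hits[start][0] > window:
                start += 1
            best = max(best, end - start + 1)
        if best < min_attempts:
            continue
        # Most common size is assumed to be the "login failed" page; any other
        # size from that client may be a guess that worked and needs review.
        common = Counter(size for _, size in hits).most_common(1)[0][0]
        odd = [(t.isoformat(), size) for t, size in hits if size != common]
        findings[ip] = {"attempts": best, "odd_responses": odd}
    return findings

if __name__ == "__main__":
    for ip, info in find_guessing_bursts(SAMPLE_LOG).items():
        print(ip, info)
```

The second client in the sample fails once and then logs in five minutes later, so it stays below the threshold and is not reported.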
This article is from the "small White Repair Fairy" blog; please keep this source link when reposting: http://3639825.blog.51cto.com/3629825/1731029