Home > Developer > Web Develop

Hack the website password with Burpsuite

Source: Internet
Author: User
Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more >

    • Burpsuite Professional Edition

    • A website

Method/Step
  2. 1

    Switch to the option option on the Proxy tab, set the proxy address and port: 127.0.0.1:8080.

  4. 2

    Start the agent you just set up

  6. 3

    Open Internet Properties, select: Connections->lan Settings->proxy Server. Enter 127.0.0.1 and 8080 respectively.

  8. 4

    Find a destination URL for

  10. 5

    Click "Login" when a pop-up window appears, in order to find a real login URL, we click "Free Registration".

  12. 6

    Click "Login" next to enter an account, enter the password "123456". (Do not click the login button first)

  14. 7

    Select the "Intercept" option under the Proxy tab, click on the "Intercept is off" button and the button will change to "Intercept is on"

  16. 8

    Open the previous landing page and click on the "Login" button.

  18. 9

    At this point we will see the packets just intercepted under the burpsuite. You can see the username and keywords we just entered.

  20. 10

    Right-click within the text area and select Send to Intrder

  22. 11

    Switch to the Intruder tab, select "Target", set the host address and port number, the port number by default is 80, if the website is using the HTTPS protocol, tick "use HTTPS" to switch to 443 port (SSL)

  24. 12

    To switch to the positions option, click the "Clear $" button on the right to clear all default parameters.

  26. 13

    The mouse selects the text behind username (the user name we entered) and clicks the "Add $" button.

  28. 14

    To switch to the "payloads" option, select the "Payload type" to use, here we select "Simple List".

  30. Select a password in the "Add from List" below, where we select "8 Letter Words".

  32. Switch to the Options tab, set the number of threads and other parameters, as shown in.

  34. Click "Intruder" on the menu bar and select "Start attack"

  36. When we scan to the same time, we sort by length size. This is where we will see several different packets, many of which are the same, and there are a few packets that are quite basic enough to be correct.

  38. Select one of the smaller packets, click "Response" below, and you will see a prompt "username or password is wrong"

  40. Similarly, we then select a larger packet, which is, we will see below without prompting "username or password error",

  42. When I reopen the login page, I find I can't get in.

  44. The initial guess is that the IP is blocked by the site, so we have to change an IP login to try. I use the mobile phone to open the Hotspot link computer, then go to open the Web page is displayed.

  46. Enter the username that we just got (take merchant for example) and password 123456. Then click Sign In.

  48. Successful Login

Hack the website password with Burpsuite

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

Related Keywords:
how to hack wifi password with ip address hack ftp password ftp password hack yahoo password hack download icloud password recovery hack instagram password reset hack sql injection password hack

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

What's Trending
Top 10 Tags
datastax versions naming convention zookeeper client class definition md5 microsoft sql server 2005 data structures exception handling error handling
Top 10 Keywords
microsoft download center down wordpress address url site address url wordpress address url windows installer 4 0 download 302 not found web address url definition site address url wordpress db2 integer mac os installation step by step pdf abbreviation for return

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

  • Sales Support

    1 on 1 presale consultation

    Chat Contact Sales

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    Open a Ticket

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

    Learn More