Use Burpsuite to brute-force weak passwords: staff numbers

Source: Internet
Author: User

Posted on 2015-11-18 | Category: Burpsuite

Prepare

As the saying goes, to do a good job you must first sharpen your tools, so the first step is of course to download Burpsuite. You can find a cracked version through Baidu or Google, or use the copy that ships with Kali; however, the Kali copy has a thread limit and only allows a single thread, so it is still better to find a cracked version.
Note that Burpsuite is written in Java, so it needs a Java runtime environment, just as sqlmap needs a Python runtime environment.

Process
  • Website login interface

    The school network authentication page redirects automatically to 10.255.200.1. The login page shows that no CAPTCHA is required and there is no per-IP login restriction, which means the number of brute-force attempts is unlimited.
  • Browser configuration
    Use a browser plug-in or Internet Options to set the proxy:
    IP: 127.0.0.1, port: 8080
  • Burpsuite configuration
    On Windows, double-click Burploader.jar. The default listening port is 8080; you can change it yourself.
    Note that we will be sending a large number of requests, so interception of both requests and responses has to be turned off.
    Proxy->Options
    Uncheck Intercept Client Requests and Intercept Server Responses
  • Capture the first request
    Once the basic configuration is complete, capture a login request.
  • Start the attack
    View the captured request in Burpsuite, right-click it and choose Send to Intruder

    Mark the parameters to brute-force, and note that the attack type is changed to Battering ram

    Set your payload, which can also be called a dictionary. After comparing a large number of staff numbers, the basic staff number format is
    year + (/100/200/300) + (000~999)   For example + + +
    This of course excludes other accounts that contain English letters, such as those of societies, the student union, computer rooms and so on.
  • Filter results
    Sort the results of the attack by the 'Length' column; you can see that some responses are returned with a different length in bytes.
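
The login page above has no CAPTCHA and no per-IP limit, and a run that tries each staff number once never reaches a per-account lockout threshold. The following is an added example, not part of the original post, of how a defender could flag this pattern in authentication logs by counting distinct failed accounts per source. The log format, thresholds, IP addresses and account numbers are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=5)   # assumed look-back window
MAX_ACCOUNTS = 10               # assumed limit of distinct failed accounts per source


def parse(line):
    """Parse 'ISO-timestamp source-ip account result' (hypothetical log format)."""
    ts, ip, account, result = line.split()
    return datetime.fromisoformat(ts), ip, account, result


def detect_enumeration(lines, window=WINDOW, max_accounts=MAX_ACCOUNTS):
    """Return {source_ip: first_alert_time} for sources whose failed logins
    span more than max_accounts distinct accounts within the window."""
    recent = defaultdict(deque)   # ip -> deque of (time, account) failures
    alerts = {}
    for ts, ip, account, result in sorted(map(parse, lines)):
        if result != "FAIL":
            continue
        q = recent[ip]
        q.append((ts, account))
        while ts - q[0][0] > window:      # drop failures older than the window
            q.popleft()
        if ip not in alerts and len({a for _, a in q}) > max_accounts:
            alerts[ip] = ts
    return alerts


def sample_log():
    """Constructed data: one source walking numeric accounts, one ordinary user."""
    start = datetime(2015, 11, 18, 9, 0, 0)
    lines = [f"{(start + timedelta(seconds=2 * i)).isoformat()} 192.0.2.10 "
             f"2015100{i:03d} FAIL" for i in range(30)]
    lines += ["2015-11-18T09:00:05 192.0.2.77 2015100007 FAIL",
              "2015-11-18T09:00:20 192.0.2.77 2015100007 FAIL",
              "2015-11-18T09:00:41 192.0.2.77 2015100007 OK"]
    return lines


if __name__ == "__main__":
    for ip, when in detect_enumeration(sample_log()).items():
        print(f"{when.isoformat()} {ip}: failed logins across more than "
              f"{MAX_ACCOUNTS} accounts within {WINDOW}")
```

The ordinary user who mistypes a password twice is not flagged, because both failures are against the same account.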
End

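Verify the filtered results on the login page at 10.255.200.1, and be careful!

Last of all: this is for testing and learning only. I accept no responsibility for any harm done to others; approach it with a learning attitude.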

Original link: http://blog.alpace.xyz/2015/11/18/20151118/
