Burp Suite: Intruder
March 08, 2024
Last updated
Task 1: Introduction
Task 2: What is intruder
Task 3: Positions
Task 4: Payloads
Task 5: Sniper
Task 6: Battering Ram
Task 7: Pitchfork
Task 8: Cluster Bomb
Task 9: Introduction to Attack Types
Task 10: Practical Example
First, we have to download the leaked credentials from Bastion Hosting.
We use the wget command to retrieve the zip file and then unzip it.
Then, in the login form, we enter some random values in the username and password parameters.
We capture the POST request from the website using Burp Suite and send it to the Intruder section.
Then we put section sign symbols (§) on both the username and password values, as you can see below.
We also use the Pitchfork attack type, which reads username.txt and password.txt simultaneously. This attack takes one word from each wordlist at the same time and inserts it into the corresponding parameter.
For the first payload set, we specify username.txt, which goes to the username parameter.
For the second payload set, we specify password.txt, which goes to the password parameter.
After that we start the attack. We can see here that one response to the POST request has a different length in bytes. That tells us the credential actually goes through the system and does not return a failure status.
Task 11: Practical Challenge
First, we have to log in so that we have a user on the website.
m.rivera
letmein1
Once logged in, we see the support section of the website, which lists a bunch of assigned tickets.
Looking at ticket 78, we can see a query or message from the email.
As you can see at the top, we can change the parameter from 78 to any number we want.
Therefore, we intercept the GET request from the website so that we can navigate to different ticket numbers ranging from 1 to 100.
Then we send this request to Intruder so that we can fuzz the number.
But first, I made a Python script that creates a number list ranging from 1 to 100 and saves it to a txt file.
After making the number list, we load it into the payload settings in Burp.
We start the attack and can see a bunch of requests that returned HTTP 200. One of the GET requests actually returns the THM flag, and it is located at ticket 83.
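From the defender's side, the ticket walk above leaves a recognisable pattern in access logs: one client requesting many distinct ticket IDs in a short time. The following is an added example, not part of the original walkthrough; the `/support/ticket/<id>` path, the combined log format, the thresholds and the sample log lines are all assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed combined-log format and ticket URL path (not given in the walkthrough).
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\] ]+) [^\]]+\] '
    r'"GET /support/ticket/(?P<id>\d+) HTTP/[\d.]+" \d{3} ')

def find_enumerators(lines, max_distinct=20, window=timedelta(seconds=60)):
    """Map client IP -> peak number of distinct ticket IDs requested inside
    any sliding window, for clients whose peak exceeds max_distinct."""
    events = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if m:  # ignore lines that are not ticket views
            ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S")
            events[m["ip"]].append((ts, int(m["id"])))
    flagged = {}
    for ip, evs in events.items():
        evs.sort()
        start, peak = 0, 0
        in_window = defaultdict(int)  # ticket ID -> hits inside the window
        for ts, tid in evs:
            in_window[tid] += 1
            while ts - evs[start][0] > window:  # expire old requests
                old = evs[start][1]
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
                start += 1
            peak = max(peak, len(in_window))
        if peak > max_distinct:
            flagged[ip] = peak
    return flagged

def sample_log():
    """Constructed log: one client walks IDs 1-100, another reads two tickets."""
    t0 = datetime(2024, 3, 8, 10, 0, 0)
    fmt = '{ip} - - [{ts:%d/%b/%Y:%H:%M:%S} +0000] "GET /support/ticket/{n} HTTP/1.1" 200 1500'
    lines = [fmt.format(ip="10.0.0.5", ts=t0 + timedelta(seconds=n // 5), n=n)
             for n in range(1, 101)]
    lines += [fmt.format(ip="10.0.0.9", ts=t0 + timedelta(minutes=mins), n=n)
              for mins, n in ((0, 78), (3, 12), (9, 78))]
    lines.append('10.0.0.9 - - [08/Mar/2024:10:10:00 +0000] "GET /support HTTP/1.1" 200 900')
    return lines

if __name__ == "__main__":
    print(find_enumerators(sample_log()))
```

Alerting only shows that the walk happened; the fix is a server-side check that the logged-in user is allowed to read the requested ticket.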
Task 12: Extra Mile Challenge
First, we access the admin login page and enter random characters in the username and password boxes while Burp is intercepting the HTTP traffic.
Then we can see in Burp that we intercepted the POST request from the website.
Now we send this request to Intruder.
We pick the "Pitchfork" attack type, like in the previous challenge, then add section symbols to the username and password parameters.
For the first payload set, we use username.txt again.
Then, for the second payload set, we use password.txt again, from the zip file that we unzipped earlier.