Brute Force Router Password using BurpSuite – Penetration Testing

Burp Suite has long been used to brute force the many kinds of forms that submit login credentials. Today I am going to show you how to use Burp Suite to brute force HTTP Basic authentication.

HTTP Basic authentication

HTTP Basic authentication is a simple request and response mechanism through which the server can request authentication information (user ID and password) from the client. The client passes the authentication information to the server in the Authorization header. The authentication information is Base64 encoded; this is an encoding, not encryption, so anyone who sees the header can recover the credentials.
For example, assuming the user name and password are both admin, you first Base64-encode the user name and password joined by a colon:

Base64(‘admin:admin’) = YWRtaW46YWRtaW4=

Our authentication request is:

Authorization: Basic YWRtaW46YWRtaW4=

Open Burp Suite and set the browser proxy

Intercept “Authenticate Request”

Choose “Send to Intruder”

Set the payload position

On the Payload tab, set as below

Choose your wordlists. You can download wordlists here.

Start Attack

Filter the result
Decode base64
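
From the defender's side, the attack above appears as a run of 401 responses from one source, each carrying a different Authorization: Basic value. The following is an added example, not part of the original post: it decodes the header and flags such sources. The record layout (source IP, header value, status), the threshold, and all function names are assumptions, and the sample records are constructed.

```python
import base64
import binascii
from collections import defaultdict

def basic_header(user, password):
    """Build the header value the way a client does: Base64("user:password")."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()

def parse_basic(header):
    """Return (user, password) from an Authorization value, or None if malformed."""
    scheme, _, token = header.partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    user, sep, password = decoded.partition(":")  # only the first ':' separates
    return (user, password) if sep else None

def flag_bruteforce(requests, threshold=3):
    """Map source IP -> user names tried, for sources that failed (HTTP 401)
    with at least `threshold` distinct credential pairs."""
    failed = defaultdict(set)
    for ip, header, status in requests:
        creds = parse_basic(header)
        if status == 401 and creds is not None:
            failed[ip].add(creds)
    return {ip: sorted({user for user, _ in pairs})
            for ip, pairs in failed.items() if len(pairs) >= threshold}

# Constructed sample records: (source IP, Authorization value, HTTP status).
SAMPLE_REQUESTS = [
    ("192.0.2.10", "Basic YWRtaW46YWRtaW4=", 401),          # admin:admin, from the text
    ("192.0.2.10", basic_header("admin", "password"), 401),
    ("192.0.2.10", basic_header("admin", "123456"), 401),
    ("192.0.2.10", "Basic !!!not-base64", 401),             # malformed, ignored
    ("198.51.100.7", basic_header("alice", "typo"), 401),   # one mistake, then success
    ("198.51.100.7", basic_header("alice", "correct horse"), 200),
]

if __name__ == "__main__":
    for ip, users in flag_bruteforce(SAMPLE_REQUESTS).items():
        print(f"possible Basic auth brute force from {ip}: users {users}")
```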
