Attacking Basic Auth With Burp Suite (Session 1)

This document outlines the steps to crack basic authentication on a vulnerable web application using Burp Suite. It involves determining the target IP, scanning with Nmap, accessing the /basic directory, intercepting the request with Burp Suite, sending it to the intruder to run a dictionary attack against common passwords, finding the request with a different status code, decoding the credentials, and using them to log in successfully and retrieve the flag.

Uploaded by

vifeneb962

Name Attacking Basic Auth with Burp Suite

URL https://attackdefense.com/challengedetails?cid=1896

Type Webapp Pentesting Basics

Important Note: This document illustrates all the important steps required to complete this lab.
This is by no means a comprehensive step-by-step solution for this exercise. This is only
provided as a reference to various commands needed to complete this exercise and for your
further research on this topic. Also, note that the IP addresses and domain names might be
different in your lab.

Step 1: Determining the IP address of the target machine.

Command: ifconfig
The IP address of the host machine is 192.253.50.2

Therefore, the target machine has IP address 192.253.50.3

Step 2: Scan the target machine using nmap.

Command: nmap 192.253.50.3

We have discovered that HTTP and MySQL services are running on the target machine.

Step 3: Checking the application available on port 80 of the target machine.

URL: http://192.253.50.3
bWAPP application is hosted on the target machine.

Access the /basic directory:

URL: http://192.253.50.3/basic
Enter some random username - password combination.
Since the credentials were incorrect, the same login prompt would appear again:

Click on the “Cancel” button:


Step 4: Using Burp Suite to crack the Basic Auth:

Click on the FoxyProxy plugin icon on the top-right of the browser.

Select the Burp Suite option from the list:


Start Burp Suite:
Click Next
Click on Start Burp

Burp Suite is opened. Now, access the /basic directory again.

Notice that the Burp window comes into focus as it has intercepted the request.
Notice that the Proxy button in Burp Suite is lit up (orange).

Click on the Proxy button

Notice the request being made by the browser.


Forward the above intercepted request and switch back to the browser window:

Notice that the application is prompting for credentials.

Enter some random credentials and press Ok.

Intercepted request:
Notice the Authorization header. The “/basic” directory uses Basic Auth.

Send the intercepted request to Intruder.


Navigate to the Intruder tab in Burp Suite:

Navigate to the Positions sub-tab in the Intruder tab


Base64 decode the Basic Auth:

Right click and decode the base64 encoded basic auth:


The credentials passed to the login prompt are shown.

Replace the credentials with a parameter to be substituted:

Click on the Add Button on the right side:


Navigate to the Payloads tab and load the 100-common-passwords.txt list.
Click on the Load button to load the password list located at
/root/Desktop/wordlists/100-common-passwords.txt:

In the Payload Processing section click on the “Add” button.


Select “Add Prefix”

Set the Prefix to “admin:”:

So, now “admin:” would be prepended to each password from the list.

Add another Payload Processing option to encode the payload to base64:


Select the Encode Rule as Base64-encode

Next, click on the “Start Attack” button:

This would start the dictionary attack against the target webapp:
Check the Status codes of the requests and check the payload for the request with a different
status code:

Notice that there is one request with the status code of 301.

Double click on the request entry:


Select the credentials in the Authorization header field and send them to the Decoder tab.

URL decode the credentials followed by base64-decode:


Username: admin
Password: cookie1

Now, turn off the intercept mode in Burp Suite:


Pass the credentials to the application:

Click OK

The login was successful and the Flag is displayed:

Flag: d25db4ce54b60b49dfd7b32c52ed8d26
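
The dictionary attack in the steps above leaves a recognisable trace in the web server's access log: a burst of 401 responses for one username from one client, ended by a different status (301 in this lab). The following is an added example, not part of the original lab manual, that flags that pattern. The Apache combined log layout (with the supplied Basic Auth username in the user field), the threshold, the window and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed Apache "combined" layout: ip ident user [time] "request" status ...
LINE = re.compile(r'(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
                  r'"[^"]*" (?P<status>\d{3}) ')

def detect_basic_auth_guessing(lines, threshold=5, window=timedelta(minutes=1)):
    """Alert on (ip, user) pairs with >= threshold 401s inside `window`.
    'compromised' is set when a 2xx/3xx reply ends such a burst."""
    failures = defaultdict(list)      # (ip, user) -> times of recent 401s
    alerts = {}
    for line in lines:
        m = LINE.match(line)
        if not m or m["user"] == "-":
            continue                  # unparsable, or no credentials sent
        key = (m["ip"], m["user"])
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        recent = [t for t in failures[key] if ts - t <= window]
        if m["status"] == "401":
            recent.append(ts)
            if len(recent) >= threshold:
                alert = alerts.setdefault(key, {"failures": 0, "compromised": False})
                alert["failures"] = max(alert["failures"], len(recent))
        elif m["status"][0] in "23":  # credentials accepted (301 in the lab)
            if key in alerts and recent:
                alerts[key]["compromised"] = True   # a guess was accepted
            recent = []               # successful login resets the counter
        failures[key] = recent
    return alerts

def _line(ip, user, second, status):
    """Build one constructed log line (sample data, not from the lab)."""
    return (f'{ip} - {user} [10/Mar/2024:10:00:{second:02d} +0000] '
            f'"GET /basic HTTP/1.1" {status} 381 "-" "-"')

# Constructed sample: 12 wrong guesses for admin, then the 301 that marked
# the correct password in the lab; plus a user who mistypes once.
SAMPLE = [_line("192.0.2.10", "admin", s, 401) for s in range(12)]
SAMPLE.append(_line("192.0.2.10", "admin", 12, 301))
SAMPLE += [_line("198.51.100.7", "alice", 20, 401),
           _line("198.51.100.7", "alice", 25, 200)]

if __name__ == "__main__":
    for (ip, user), info in detect_basic_auth_guessing(SAMPLE).items():
        print(ip, user, info)
```

An alert with `compromised` set means the account's password should be rotated; rate limiting or lockout on repeated 401 responses stops the guessing before it reaches that point.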
