Security-Exploiting Session Vulnerabilities
options available to you. And I thought it'd be good to show you an example of what it's like to brute force a web page. So what I've done here is, the first thing that you need to do is understand how a web server and a web browser talk to each other.
I mean, when a web browser goes up and talks to a web server, what does that conversation really look like? Well, one way that you can find that out is to launch something called Burp Suite, that's the name of it, the names they come with. And Burp Suite, what I've done is I've launched it and I've gotten the proxy server going and I've told it to intercept connections between this system, right on port 8080, actually.
And what I've done is I've configured Firefox, and I'm just gonna show you here, Firefox on this Linux system here, to use a particular proxy server, see it. I've set it to manual and I'm telling it to go to the local server, and what it's doing is therefore this: anytime I access anything on this particular web browser, it's gonna go through the Burp Suite proxy.
And I can read that conversation. So for example, I'm gonna go to this website here, and I've got it on intercept mode. And right now, Burp Suite is actually intercepting that particular session. And so what I'm doing is I'm clicking on here and forwarding this session here, so that, as it takes a little while to get going on it, as I click on it, you're going to see it eventually go to the login page again.
It takes forever to get going on that, let me see if I can get it going, here we go. And there we
go one more time. And it always takes a while, there we go. So what you've just seen is
basically the web server is talking to the web browser.
And in this case, I've gotten something here. I've gotten a session ID and I've gotten a sense
of the security. What I can do is I can take this information and do interesting things with it
here. But first the main thing I want to do is I wanna log into this remote web server.
I'm accessing a remote web server on the 103 system, that's another computer, and I'm just gonna do a failed session. And so I'll just type in any username that I want, and any password, it doesn't matter what the password is here. And I'm gonna hit Log in here a couple of times and I'm gonna go back in here and I'm gonna forward that session a few times.
And I'm gonna go back in and take a look at what that particular session looks like here. And
what it's gonna tell me is exactly the sequence of what that particular login looks like. And
in this case, if I could ever find it, it's gonna be showing exactly how this web server is
talking.
And there it is, and so what I can do with this information: I can take this particular cookie here, and I'm gonna copy and paste it here. And I've pre-baked a particular command here. And with this command I need to put in the right cookie session, and what I can do is conduct a software attack on this system, right, cuz I know now how this server logs in, how the username is set up, and it's basically gonna look for a password, and it's gonna be looking for the password. Here, "the login and the username are incorrect" is basically the message that the web server is gonna come back with, because I already logged in incorrectly.
But now what I've done is I've taken that information and I'm logging back in and looking there. I was able to brute force my way into this particular system and I was able to discover that the login is admin, and that this person didn't use a very good password. It doesn't matter though, cuz I was able to go in and I was able to trick the CGI scripts, in this case they were made out of PHP, into thinking that I am a legitimate user. So now I can go in and log in to that web server all I want, because now I have basically defeated their authentication.
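As an added example that is not part of this lecture or of the tools it shows: the same brute-force run, seen from the web server's side. The Python below parses constructed access-log lines for a hypothetical `/login.php` path, flags a client that POSTs to the login page repeatedly within a short window, and uses the fact that the "login incorrect" page always comes back the same size to pick out the one attempt that was answered differently.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed combined-format access log (hypothetical path /login.php).
# 10.0.0.77 hammers the login form; every failure is the same 1921-byte
# page, and the final 302 with an empty body is the attempt that got in.
SAMPLE_LOG = """\
10.0.0.50 - - [12/Mar/2024:10:00:01 +0000] "GET /login.php HTTP/1.1" 200 1843
10.0.0.50 - - [12/Mar/2024:10:00:05 +0000] "POST /login.php HTTP/1.1" 200 1921
10.0.0.77 - - [12/Mar/2024:10:00:06 +0000] "POST /login.php HTTP/1.1" 200 1921
10.0.0.77 - - [12/Mar/2024:10:00:06 +0000] "POST /login.php HTTP/1.1" 200 1921
10.0.0.77 - - [12/Mar/2024:10:00:07 +0000] "POST /login.php HTTP/1.1" 200 1921
10.0.0.77 - - [12/Mar/2024:10:00:07 +0000] "POST /login.php HTTP/1.1" 200 1921
10.0.0.77 - - [12/Mar/2024:10:00:08 +0000] "POST /login.php HTTP/1.1" 200 1921
10.0.0.77 - - [12/Mar/2024:10:00:08 +0000] "POST /login.php HTTP/1.1" 302 0
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+)$'
)

def parse_line(line):
    """Split one combined-format line into fields; None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    rec["status"], rec["size"] = int(rec["status"]), int(rec["size"])
    return rec

def find_bruteforce(log_text, login_path="/login.php", threshold=5, window_s=60):
    """Map ip -> {attempts, success_seen} for clients that POST to the login
    page at least `threshold` times inside `window_s` seconds.  The most
    common (status, size) pair is taken as the failure page; any POST that
    differs from it is reported as a probable successful login."""
    posts = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec["method"] == "POST" and rec["path"] == login_path:
            posts[rec["ip"]].append(rec)
    window, hits = timedelta(seconds=window_s), {}
    for ip, recs in posts.items():
        recs.sort(key=lambda r: r["ts"])
        bursty = any(recs[i + threshold - 1]["ts"] - recs[i]["ts"] <= window
                     for i in range(len(recs) - threshold + 1))
        if not bursty:
            continue
        failure_sig = Counter((r["status"], r["size"]) for r in recs).most_common(1)[0][0]
        success = any((r["status"], r["size"]) != failure_sig for r in recs)
        hits[ip] = {"attempts": len(recs), "success_seen": success}
    return hits
```

Run against `SAMPLE_LOG` it reports only 10.0.0.77, with six attempts and a success seen; the single failed POST from 10.0.0.50 (the lecture's deliberate bad login) stays below the threshold.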