That's what I intercept from the login page.
I'll try to bruteforce my mum's account with Burp. She gave me several passwords.
Trying to find a way for the password's entry then. Is it feasible?
You are viewing a single comment's thread from:
That's what I intercept from the login page.
I'll try to bruteforce my mum's account with Burp. She gave me several passwords.
Trying to find a way for the password's entry then. Is it feasible?
What goes for "ID" then? I got 10 here but other times different values.
In this picture below they entered the name of the account for "ID".
You're using the wrong tools for this job, you can't just point burp proxy at this with a list of passwords. The "password" never gets sent to the server, all encryption/decryption is done locally in the browser and your browser sends out signed transactions. There's no traditional login api on a central server for you to brute force. You could've just tried the list of passwords in the browser manually by now :P