Using Burp Suite to Brute Force HTTP Basic Auth
The first question to answer is: what is HTTP Authentication?
HTTP Basic authentication (BA) is the simplest technique for enforcing access controls on web resources because it doesn’t require cookies, session identifiers or login pages. Rather, HTTP Basic authentication uses static, standard HTTP headers, which means that no handshakes have to be done in anticipation.
Here is what it looks like
What is our aim?
- To intercept an HTTP authentication request.
- To set up Burp to brute force the HTTP Auth request.
- Initiating the attack.
- Getting the successful login.
To intercept an HTTP authentication request.
First of all we will set the browser to go through our Burp Proxy by simply changing the proxy configuration to the following:
Once that is done, we access a router page (192.168.0.1 in my case) to see the HTTP Authentication pop-up, enter the credentials and check the response.
The Authorization header is the encoded parameter that contains the username and password that we enter.
How to Set Up Burp to Brute Force the HTTP Auth Basic Request
Now we will initiate the brute force against the HTTP Auth Basic parameter. First we send the request to the Intruder tab and then use the Sniper attack type.
We select the value of the “Authorization: Basic” parameter, in this case YWRtaW46YWRtaW4=, so we highlight it and add it to the scope.
The encoding here is Base64, and the decoded value is admin:admin.
This shows us that we need to place a “:” between the values we pass.
So let’s set up our encoded payload delivery.
The next tab is Payloads, which controls the delivery of our attack; this is where we configure the lists.
Select payload set = 1 and payload type = custom iterator.
List 1 holds the possible usernames, and List 2 the possible passwords.
Then we select the separator, the “:” between the two word lists. Make sure you enter the “:” in Position 1 and not Position 2.
One more thing to remember is that we need to encode the whole string into Base64 for authorization purposes, so we will do the following.
Click Add under Payload processing, then select Encode from the drop-down list and choose Base64 from the other drop-down.
Disable the encoding checkbox in the same Payloads tab, otherwise you will end up encoding the “:” parameter again.
Initiating the Attack
You can start the attack by clicking Intruder (dropdown) → Start attack and waiting for the output.
Here we see that we have got a successful attempt; let’s check and decode the value.
Getting the Successful Login
Now we can either use the decoded username and password, or just forward the Basic Auth encoded value and gain a successful login.
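Seen from the server side, the attack above leaves a recognisable trail: one client sending many different Authorization values that are answered with 401, then a 200. The following is an added example, not part of the original post or of Burp, showing one way to flag that pattern; the record layout, the threshold and the function names are assumptions, and the sample records are constructed.

```python
import base64
from collections import defaultdict

def parse_basic(header):
    """Decode an Authorization header value into (username, password), or None."""
    scheme, _, token = header.partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):  # binascii.Error is a ValueError
        return None
    user, sep, password = decoded.partition(":")  # the first colon separates the fields
    return (user, password) if sep else None

def detect_guessing(records, threshold=5):
    """records: iterable of (client_ip, authorization_value, http_status).
    Flags clients with at least `threshold` distinct failed credential pairs."""
    failed = defaultdict(set)      # ip -> distinct header values answered with 401
    usernames = defaultdict(set)   # ip -> usernames seen in failed attempts
    succeeded = set()              # ips that got a 200 after reaching the threshold
    for ip, header, status in records:
        creds = parse_basic(header)
        if creds is None:
            continue
        if status == 401:
            failed[ip].add(header)
            usernames[ip].add(creds[0])
        elif status == 200 and len(failed[ip]) >= threshold:
            succeeded.add(ip)
    return {ip: {"failures": len(tokens),
                 "usernames": sorted(usernames[ip]),
                 "success_after": ip in succeeded}
            for ip, tokens in failed.items() if len(tokens) >= threshold}

def _basic(user, password):
    """Build a header value for the constructed sample below."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()

# Constructed sample records (not captured traffic); addresses are documentation ranges.
SAMPLE = [("192.0.2.10", _basic("admin", f"guess{i}"), 401) for i in range(6)]
SAMPLE += [("192.0.2.10", "Basic YWRtaW46YWRtaW4=", 200),  # value shown in the post
           ("192.0.2.20", _basic("alice", "typo"), 401),
           ("192.0.2.20", _basic("alice", "correct"), 200)]

if __name__ == "__main__":
    for ip, info in detect_guessing(SAMPLE).items():
        print(ip, info)
```

A client flagged with success_after set to True is the case to act on first: the guessed credential worked and should be rotated.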
More videos on Burp Yet to come 🙂