Then select the Payload type as Simple list, where we have added a dictionary by clicking on Load button. Now we will select the fields where we want to attack which is the hash value of the redirecting page and then click on the Add button.We have simply clicked on the Redirection link as shown in the image the burp suite will capture the request of the redirecting page in the intercept tab. There are 7 types of hashing algorithms are available in this payload processing rule which is as follows:įirst, we have intercepted the request of the Redirection Link designed to find redirection vulnerabilities in the LAB created by us and in the hash value of the URL we have given a wrong hash value of HTTP://in place of the actual hash value of the HTTP://in the URL of the redirecting page. This processing rule can be used to carry out a hashing operation on the payload. It can be used in the opposite way in which encoding is carried out. As we know decoding is nothing but reversing the encoding. This processing rule can be used to decode the payload using various schemes: URL, HTML, Base64 or ASCII hex. This shows our success in the attack as shown in the image. Now check the username and password of 10th line in the dictionary.Īnd to confirm the username and password matched, we will give the password in the Router’s Login Page, which will successfully log us into the Router’s Configuration Page. This means we can use this encoded value to bypass the user authentication which occurs from request number 10. In the screenshot, you can the status and length of the highlighted value is different from the rest of the values. Sit back and relax because this will start brute force attack and try to match string for user authentication. Select Start Attack in the Intruder menu as shown in the image. The base64 encoded value of Authentication is a combination of username and password now the scenario is to generate the same encoded value of authentication with help of user password dictionary, therefore I have made a dictionary.īefore executing the attack we have added a payload processing rule to the payload type which is Encode and we have selected “Base64 encode” scheme because we know router takes the value in Base64. We can either load the dictionary or we can manually add input strings using the Add button in the payload options as shown in the image. Now click on payloads option after selecting payload position.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |