In this video I demonstrate how to brute-force passwords, username enumeration (comparison of responses and time-based analysis), and the different tools that can be used to perform this type of attack.

As there were no Anti-CSRF tokens present in the login form, it was trivial to configure and run the automated password guessing attack, using the Burp Intruder module.

Topics covered:
– Automated Password Guessing (i.e. Brute-forcing passwords)
– Username Enumeration (Comparison of responses and time-based analysis)
– Burp Repeater
– Burp Intruder
– Burp Comparer

Stay tuned and subscribe for more upcoming videos showing actual hacks!