In this video I demonstrate how to brute-force passwords, username enumeration (comparison of responses and time-based analysis), and the different tools that can be used to perform this type of attack.
As there were no Anti-CSRF tokens present in the login form, it was trivial to configure and run the automated password guessing attack, using the Burp Intruder module.
– Automated Password Guessing (i.e. Brute-forcing passwords)
– Username Enumeration (Comparison of responses and time-based analysis)
– Burp Repeater
– Burp Intruder
– Burp Comparer
Stay tuned and subscribe for more upcoming videos showing actual hacks!