SMS Bombing in Mobile using Burpsuite

In this article we will learn about SMS bombing. It is used to prank your friends by sending those hundreds and thousands of SMS at once. There are many third party sites to do so but there are usually of no use. We are introducing a different method to do so and all you need is you Kali.


We are going to use BurpSuite that means we have to set up proxy first. And for that go to browser settings and select prefences.


Then select advanced option and then go to network settings.


A dialogue box will open and from it select Manual Proxy Configuration. As you have selected this, you can either keep the http proxy as localhost or you can set it to 127.0.0.1


Now that proxy has been set up open BurpSuite.

Now select the proxy tab and then the options tab and check the check box of interface. Then click on Edit button on the left side.


It will open a dialogue box. In this select Support invisible proxying option. Click on OK.

When you return to the previous window check the invisible box too.


As of now all the settings have been done. Now what we need is to send the message and for that we will log in to way2sms.com.


After logging in generate the message and give the contact number to which you want to send the messages. Before clicking on send turn on the interception in BurpSuite.


When you click the send button the request will first go to Burpsuite as it captures the traffic. When the traffic has been captured right clicks anywhere and select Send to intruder option or simply use keyboard shortcut i.e. ctrl+i.


Now in the intruder tab select options tab. It will show you the details of the traffic that is the number to which the SMS was destined to and the text message.


Select the part of the text message and click on add.

Now go to Payloads tab and select Brute Force in the Payload type option.


Then give the character set of 123456789 i.e. 1-9 numbers. And give the minimum length of 1 and the maxumum length of 3. Here, minimum and maximum length means the length of digits that will created using character set. From the customization that we have done it will create 1100 messages for the receiver.

 Now finally to start the attack goes to the intruder menu and select Start Attack from the drop down menu.


Once the attack starts you can see that the receiver will start receiving all the messages in the interval of 1 to 5 seconds as shown in the image below:

I stopped the attack after 29 messages which were send in the time span of 1 to 2 minutes.

0 comments:

Post a Comment