Hello friends!! Today we are discussing about the “Types
of Payload in Burp Suite”. Burp Suite is an application which is used for
testing Web application security. Its
various tools work seamlessly together to support the entire testing process,
from initial mapping and analysis of an application’s attack surface, through
to finding and exploiting security vulnerabilities. This tool is written
in JAVA and is developed by PortSwigger Security. We are going to use the
Intruder feature of Burp Suite, it is used to brute force web applications. There
are 18 types of payloads in intruder i.e.
·
Simple
list
·
Runtime
File
·
Case
Modification
·
Numbers
·
Brute
Forcer
·
Character
substitution
·
Custom
iterator
·
Recursive
grep
·
Illegal
Unicode
·
Character
blocks
·
Dates
·
Brute
Forcer
·
Null
Payloads
·
Character
frober
·
Bit
Flipper
·
Username
generator
·
ECB
block shuffler
·
Extension
Generated
·
Copy
other payload
Simple List
This
is one of the simple types of payload, as it allows you to configure a short Dictionary
of strings which are used as payload.
First, we intercept
the request of the login page in the DVWA LAB, where we have given a
random username and password. Then click on login, the burp suite will capture
the request of the login page.
·
Press on the Clear button given at right of window
frame.
·
Now we will select the fields
where we want to attack which is the username and password and click on Add button.
·
Choose the Attack type as Cluster Bomb.
·
In the given
below image we have selected username and password that means we will need two
dictionary files i.e. one for username and second for password.
Now select 2 in the Payload set and again give the dictionary file for the password. Select Start Attack in the Intruder menu as shown in the image.
Now the burp suite will do its work, match the valid combination of username and password and will give you the correct password and username. The moment it will find the correct value, it will change the value of length as shown.
And to confirm the username and password matched, we will give the matched username and password in the DVWA LAB login page. We will see a message “Welcome to the password protected area admin” which shows are success in the simple list payload attack.
Runtime File
This type of payload allows you to configure a file which reads the payload strings at runtime. This type of payload is needed when we require large list of payloads, to avoid holding the entire list in memory. This payload allows you to configure large list of strings which overcomes the simple list payload type.
First, we have intercepted the request of the login page in the DVWA LAB, where we have given a random username and a random password. Then click on login, the burp suite will capture the request of the login page in the intercept tab.
Send the captured request to the Intruder and follow given below step. Now open the Intruder tab then select positions and you can observe the highlighted password and follow the given below step for selecting payload position.
·
Press on the Clear button given at right of window
frame.
·
Now we will select the fields
where we want to attack and i.e. the password filed and click on Add button.
·
Choose the Attack type as sniper.
·
In the given
below image we have selected username and password that means we will need two
dictionary files i.e. one for username and second for password.
Now the burp suite will do its work, match the password and will give you the correct password. The moment it will find the correct value, it will change the value of length as shown.
Case Modification
This type of
payload allows you to configure a list of strings and apply various case
modifications to each item on the list. This is useful in password guessing
attacks, for generating case variations on dictionary words.
The following
case modification rules can be selected:
- No change - The item is used without being
modified.
- To lower case - All letters in the item are
converted to lower case.
- To upper case - All letters in the item are
converted to upper case.
- To Proper name - The first letter in the item
is converted to upper case, and the remaining letters are converted to
lower case.
- To Proper Name - The first letter in the item
is converted to upper case, and the remaining letters are not changed.
For example, if
we select all the modification options, then the item "Raj Chandel"
will generate the following payloads:
Raj Chandel
raj chandel
RAJ CHANDEL
Raj chandel
First, we intercept the request of the login page in the DVWA LAB, where we have given a random username and a random password. Then click on login , the burp suite will capture the request of the login page in the intercept tab. Send the captured request to the Intruder by right clicking on the space and selecting Send to Intruder option or simply press ctrl + i.
Now open the Intruder tab then select positions and you can observe the highlighted password and follow the given below step for selecting payload position.
·
Press on the Clear button given at right of window
frame.
·
Now we will select the fields
where we want to attack and i.e. the password filed and click on Add button.
·
Choose the Attack type as sniper.
·
In the given
below image we have selected username and password that means we will need two
dictionary files i.e. one for username and second for password.
Now the burp suite will do its work, match the password and will give you the correct password. The moment it will find the correct value, it will change the value of length as shown.
Numbers
This type of
payload generates numeric payloads within a given range and in a specified
format.
The following
options are available in this payload:
- Number range:
·
Type - the type options describes that the
numbers should be generated sequentially or randomly.
·
From - If numbers are being generated
sequentially, this is the value of the first number that will be generated.
·
To - If numbers are being generated
sequentially, this value of the last number that will be generated. It is said
as the highest possible number that may be randomly generated.
·
Step - the step option is used when
numbers are being generated sequentially and specifies the increment in the successive
numbers.
·
How
many - This option is
available when numbers are being generated randomly, and specifies the number
of payloads that will be generated
First, we intercept the request of the login page in the Bwapp Lab, where we have given a random username and a random password. Then click on login, the burp suite will capture the request of the login page.
·
Press on the Clear button given at right of window
frame.
·
Now we will select the fields
where we want to attack and i.e. the password filed and click on Add button.
·
Choose the Attack type as sniper.
·
In the given
below image we have selected username and password that means we will need two
dictionary files i.e. one for username and second for password.
Now the burp suite will do its work, match the password and will give you the correct password. The moment it will find the correct value, it will change the value of length as shown.
As the password matches with a number which is between the given number range. And to confirm the password matched, we will give the password in the Bwapp LAB login page, which will successfully log us into the Bwapp lab. This shows our success in the attack.
Brute Forcer
This type of payload generates a payload of
specified lengths that contain all permutations of list of characters in the
given string.
The following options are available:
- Character
set - The set of characters to be
used in the payloads. Note that the total number of payloads increases
exponentially with the size of this set.
- Min
length - The length of the shortest
payload.
·
Max
length - The length of the longest payload.
First, we intercept the request of the login page in the Bwapp LAB, where we have given a random username and a random password. Then click on login, the burp suite will capture the request of the login page.
Send the captured request to the Intruder and follow given below step. Now open the Intruder tab then select positions and you can observe the highlighted password and follow the given below step for selecting payload position.
·
Press on the Clear button given at right of window
frame.
·
Now we will select the fields
where we want to attack and i.e. the password filed and click on Add button.
·
Choose the Attack type as sniper.
·
In the given
below image we have selected username and password that means we will need two
dictionary files i.e. one for username and second for password.
Then
select the “Payload type” as Brute Forcer
where we can give any kind of input into the “character
set” as shown in
the figure , as we have given 213 and
we have set the Min length as 3 and Max length as
3 as shown in the image. We
can manually give the Min length and Max length as per your need. Select
Start Attack in the Intruder menu as shown in the image.
Great!! We have used Top 5 payloads of Burpsuite for login page brute force attack successfully.
Note:
In this articles (part-1) we will be performing top 5 payload types and the
rest of the payload types will be discussed in the (part-2) of this article.
0 comments:
Post a Comment