tag:blogger.com,1999:blog-8539880144347728238.post1823373564514929081..comments2024-01-24T04:15:08.086-05:00Comments on Carnal0wnage Blog: Using Burp Intruder to brute force loginUnknownnoreply@blogger.comBlogger3125tag:blogger.com,1999:blog-8539880144347728238.post-78142545832109659642012-11-16T12:20:09.183-05:002012-11-16T12:20:09.183-05:00If you're doing a Basic Auth attack using this...If you're doing a Basic Auth attack using this technique, you can't use cluster bomb as you need to encode a single payload and you can't do this with two separate payloads as you cant easily predict padding character inclusion.(in base64 the same characters will be encoded differently depending on their position within the three-octet group which is encoded to produce the four characters. Well annoying. I'm trying to sort a way of doing it that doesnt require hardcoding the username with a colon suffix.pentesticleshttps://www.blogger.com/profile/05965222771541430826noreply@blogger.comtag:blogger.com,1999:blog-8539880144347728238.post-15655596808279912102009-10-29T04:54:59.435-04:002009-10-29T04:54:59.435-04:00Good and simple introGood and simple introdalvarez_shttp://www.blogger.com/profile/15762132693688259268noreply@blogger.comtag:blogger.com,1999:blog-8539880144347728238.post-89036461537878698762009-10-29T10:21:02.670-04:002009-10-29T10:21:02.670-04:00Thanks David, in the future more tips will be post...Thanks David, in the future more tips will be posted but for now @k3r0s1n3 and I are working on building our next tool for release.cktrickyhttp://www.blogger.com/profile/16815248087217800849noreply@blogger.com