Burp Suite User Forum

Brute force

olek | Last updated: Jun 28, 2021 07:00PM UTC

Hi, I would like to ask about brute forcing some number. I can check some as on the list abcdefghijklmnopqrstuvwxyz0123456789, but how do I ask about this number? Is it possible to ask the server about this? Payload type: how do I set Burp for this? What about the "-" slash? INV1-94WJ-4HA5-8TA8-58Y5 Thanks

Michelle, PortSwigger Agent | Last updated: Jun 29, 2021 08:57AM UTC

Thanks for your message. Can you give me some examples of the types of payload you would like to send as part of the attack, please? Do they all need to follow the same format as the example above? Is it just the "-" that you would like to change to another character?

olek | Last updated: Jun 29, 2021 10:50AM UTC

No, I just want to ask the server about more possible existing numbers in the server, for example:

1. INV1-95WJ-4HA5-8TA8-58Y5
2. ONV1-94WJ-4HA5-8TA8-58Y1
3. INV1-74WJ-4HA5-8TA8-11A3

Just setting Burp to ask whether the server will respond to me if I change it. I know how to set Burp to ask about the code 524223. But how do I set Burp for this: INV1-74WJ-4HA5-8TA8-11A3, with capital letters and numbers? And the "-"?

Michelle, PortSwigger Agent | Last updated: Jun 30, 2021 09:35AM UTC

Depending on the payloads you want to cycle through for the attack, these options may help.

If you wanted to cycle through all options of A-Z and 0-9 for each block of 4 characters, would setting multiple payload positions for a Cluster Bomb attack that uses the Brute forcer payload type help?

§INV1§-§95WJ§-§4HA5§-§8TA8§-§58Y5§

You could set the Brute forcer payload type to use a range of characters and numbers that only include upper case characters.

Alternatively, if you have pre-defined lists of payloads that you want to insert between each '-', you may find using a Sniper attack and the Custom Iterator payload type helps you to achieve what you need.

I hope that helps. If you have any questions, please let us know.

olek | Last updated: Jul 04, 2021 02:34PM UTC

Additionally, I ask: is there any way to bypass the WAF? All my scans are banned by the WAF. I use the GET method for requests.

Michelle, PortSwigger Agent | Last updated: Jul 05, 2021 09:14AM UTC

Thanks for your message. Have you taken a look at the Bypass WAF extension in the BApp Store? https://portswigger.net/bappstore/ae2611da3bbc4687953a1f4ba6a4e04c
