Burp Suite error or using incorrectly

castro1825 | Last updated: Jun 13, 2021 03:39PM UTC

Hey everyone, I wanted to test a login page but every time I try to use different passwords the server gives the same exact response even if it gets the correct password. What can I do to hint me that it is the correct password?

POST /en/auth_login HTTP/2
Host: www.kkkkkkkk.com
Cookie: lang=en; _fz_uniq=5055482433821045220; _fz_fvdt=1623588834; _fz_ssn=1623597181300998453; sid=rp4flihlyiwqkwcunqhdteuw; _media_uuid=2996535769
Content-Length: 197
Cache-Control: max-age=0
Sec-Ch-Ua: " Not A;Brand";v="99", "Chromium";v="90"
Sec-Ch-Ua-Mobile: ?0
Upgrade-Insecure-Requests: 1
Origin: https://www.kkkkkkkk.com
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: document
Referer: https://www.kkkkkkkk.com/en/auth_login
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Connection: close

RedirectAfterLoginUrl=https%3A%2F%2Fwww.kkkkkkkk.com%2Fen&RegistrationUrl=&ShowOpenId=True&ViewType=0&Login=§castr§&Password=§§&signature=

Hannah, PortSwigger Agent | Last updated: Jun 14, 2021 03:43PM UTC

Hi, if you attempt to log in on the actual site, is there a difference if you provide a correct password compared to an incorrect password?

ben | Last updated: Jun 14, 2021 09:55PM UTC

I actually ran into this problem when I installed for the first time (had to reinstall), but once I reinstalled I realized that the default admin account name is "administrator" instead of the widely used and accepted "admin". Just trying to eliminate some causes :) But if you don't remember your password you will have to completely reinstall (backup your searches etc.).

Hannah, PortSwigger Agent | Last updated: Jun 15, 2021 08:25AM UTC

If you are using Burp Suite Enterprise, and are struggling to remember your login credentials, you can create a new admin user with the following instructions: https://portswigger.net/burp/documentation/enterprise/getting-started/create-new-admin-user

castro1825 | Last updated: Jun 15, 2021 12:33PM UTC

Hey Hannah, no, there is not a difference, they are exactly the same. When I try the Intruder it gives me different lengths of messages and says that the logins that I tried are wrong even though it was the correct one. I don't understand why this happens.

Hannah, PortSwigger Agent | Last updated: Jun 16, 2021 12:37PM UTC

Hi, could you drop us an email at support@portswigger.net with some screenshots of what you are experiencing?

castro1825 | Last updated: Jun 17, 2021 03:42PM UTC

Hey, yes I will.

