Burp Suite User Forum

Login to post

Issue with " Broken brute-force protection, multiple credentials per request" lab

Jasmin | Last updated: Jun 06, 2021 08:40AM UTC

Hello. Can anyone please tell me what is wrong with my JSON data in the request? I'm always getting 500 error. { "username":"carlos", "password":[ "password123", "123456" , "password", "12345678 ", "qwerty" , "123456789", "12345" , "1234" , "111111", "1234567", "dragon" , "123123" , "baseball", "abc123" , "football", "monkey" , "letmein", "shadow" , "master" , "666666" , "qwertyuiop", "123321" , "mustang", "1234567890", "michael" , "654321" , "superman", "1qaz2wsx" , "7777777" , "121212" , "000000" , "qazwsx" , "123qwe" , "killer" , "trustno1", "jordan" , "jennifer", "zxcvbnm" , "asdfgh" , "hunter" , "buster" , "soccer" , "harley" , "batman" , "andrew" , "tigger" , "sunshine", "iloveyou" , "2000" , "charlie", "robert" , "thomas" , "hockey" , "ranger" , "daniel" , "starwars", "klaster" , "112233" , "george" , "computer", "michelle" , "jessica" , "pepper" , "1111" , "zxcvbn", "555555" , "11111111", "131313" , "freedom", "777777" , "pass" , "maggie", "159753" , "aaaaaa" , "ginger" , "princess", "joshua" , "cheese" , "amanda" , "summer" , "love" , "ashley", "nicole" , "chelsea", "biteme" , "matthew", "access" , "yankees", "987654321", "dallas" , "austin" , "thunder", "taylor" , "matrix" , "mobilemail", "mom" , "monitor", "monitoring", "montana" , "moon" , "moscow", ] }

Uthman, PortSwigger Agent | Last updated: Jun 07, 2021 09:37AM UTC

Hi Kujasmin, Try removing the trailing comma in a few of your password payloads. Alternatively, you can paste it into a JSON validator and copy the output e.g. https://jsonformatter.curiousconcept.com

Viren | Last updated: Sep 13, 2021 06:13PM UTC

This was helpful/insightful Thank you Uthman (PortSwigger Agent)

You need to Log in to post a reply. Or register here, for free.