Hydra http-post-form based on length of the response
Information Security Asked by Riccardo D on February 13, 2021
is there any way for hydra to understand the correct combination ^USER^ and ^PASS^ in a http-post-form authentication attack based on the length of the body response?
Like in Burpsuite you can look at the length and understand password and username.
So basically how can I setup hydra to look at the length parameter during a http-post-form?
One Answer
I'm not sure if this is possible to do with Hydra, but I would recommend using ffuf for this.
You can do an HTTP-POST form bruteforce based on length like this:
ffuf -w /path/to/wordlist.txt -X POST -d "username=admin&password=FUZZ" -u https://target/login.php -fl 480
-fl: tells it to filter out the length you don't want (failed attempt)
FUZZ: is where it will replace words from the wordlist in the request
Although in this approach the username would be static. A little bash scripting hack would solve that.
Answered by Khalid on February 13, 2021
Add your own answers!
Ask a Question
Get help from others!
Recent Answers
- Jon Church on Why fry rice before boiling?
- Lex on Does Google Analytics track 404 page responses as valid page views?
- Peter Machado on Why fry rice before boiling?
- haakon.io on Why fry rice before boiling?
- Joshua Engel on Why fry rice before boiling?
Recent Questions
- How can I transform graph image into a tikzpicture LaTeX code?
- How Do I Get The Ifruit App Off Of Gta 5 / Grand Theft Auto 5
- Iv’e designed a space elevator using a series of lasers. do you know anybody i could submit the designs too that could manufacture the concept and put it to use
- Need help finding a book. Female OP protagonist, magic
- Why is the WWF pending games (“Your turn”) area replaced w/ a column of “Bonus & Reward”gift boxes?