- Capture the login request with Burp Suite (choose the Pitchfork attack type) and notice that the CSRF token is leaked in the response.
  ![image](https://hackmd.io/_uploads/rJmZs30IT.png)
- Start the attack
  - Send that request to Intruder --> mark username, password and token as payload positions --> Options --> Grep - Extract --> add the token
  - Search for `hide` to find the hidden input field that carries the token
    ![image](https://hackmd.io/_uploads/S11fjnRUa.png)
    ![image](https://hackmd.io/_uploads/H1vMjh0Ip.png)
  - Payload 1: common usernames
    ```
    admin
    administrator
    root
    admin123
    user
    master
    test
    testadmin
    tester
    guest
    siteadmin
    ```
  - Payload 2: [top1000passwd](https://github.com/danielmiessler/SecLists/blob/master/Passwords/Common-Credentials/10-million-password-list-top-1000.txt)
  - Payload 3: use Intruder's recursive grep so that every request automatically submits the correct CSRF token; a request whose token does not match is detected by the server
    - Recursive grep extracts a payload from the previous response; use it to pull the CSRF token out of each response and place it into the next request
      ![image](https://hackmd.io/_uploads/B1oQih0La.png)
  - Set maximum concurrent requests to 1, because each request depends on the token from the previous response
    - Resource pool --> Create new resource pool
      ![image](https://hackmd.io/_uploads/B14Njn086.png)
  - Start the attack
    ![image](https://hackmd.io/_uploads/SyCNjhRUT.png)
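As an added example that is not part of the original note, the Python below shows the server-side view of the procedure above: a detector over constructed auth log lines (the log format is hypothetical) that flags a client sending many sequential failed logins across a username list and records the account a burst ends on. Per-request CSRF tokens do not stop this pattern, since each attempt simply fetches a fresh token, so the defence has to be rate limiting or lockout driven by detection like this.

```python
# Added example, not from the original note: a small server-side detector for
# the sequential login brute force described in the steps above.
# Constructed/hypothetical log format: "<ISO timestamp> <client ip> <user> <result>".
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample: one client walks the username list at ~1 request/second
# (Intruder with max concurrent requests = 1), plus a normal user on another IP.
SAMPLE_LOG = """\
2024-01-01T10:00:00 203.0.113.5 admin fail
2024-01-01T10:00:01 203.0.113.5 administrator fail
2024-01-01T10:00:02 203.0.113.5 root fail
2024-01-01T10:00:03 198.51.100.9 alice ok
2024-01-01T10:00:03 203.0.113.5 admin123 fail
2024-01-01T10:00:04 203.0.113.5 user fail
2024-01-01T10:00:05 203.0.113.5 master fail
2024-01-01T10:00:06 203.0.113.5 test ok
"""

def parse_line(line):
    """Split one log line into (timestamp, ip, username, result)."""
    ts, ip, user, result = line.split()
    return datetime.fromisoformat(ts), ip, user, result

def detect_bruteforce(log_text, window=timedelta(seconds=60), max_failures=5):
    """Return {ip: {"failures", "usernames", "success"}} for every client with at
    least max_failures failed logins inside a sliding window. "usernames" counts
    distinct names tried (wordlist iteration); "success" is the account that a
    login from the same client succeeded on after the burst, or None."""
    recent = defaultdict(deque)   # ip -> timestamps of failures inside the window
    users = defaultdict(set)      # ip -> usernames that failed from that ip
    flagged = {}
    for line in log_text.splitlines():
        ts, ip, user, result = parse_line(line)
        q = recent[ip]
        while q and ts - q[0] > window:   # drop failures that fell out of the window
            q.popleft()
        if result == "fail":
            q.append(ts)
            users[ip].add(user)
        if len(q) >= max_failures:
            info = flagged.setdefault(ip, {"failures": 0, "usernames": 0, "success": None})
            info["failures"], info["usernames"] = len(q), len(users[ip])
            if result == "ok":
                info["success"] = user   # the account the burst ended on
    return flagged

if __name__ == "__main__":
    for ip, info in detect_bruteforce(SAMPLE_LOG).items():
        print(f"{ip}: {info['failures']} failed logins, "
              f"{info['usernames']} usernames tried, success on {info['success']}")
```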