# Form-based brute force

- [[burpsuite]]

### Brute-forcing with Burp Suite

- Click Proxy
  ![image](https://hackmd.io/_uploads/rJN3IsAUp.png)
- Click "Intercept is off" so that it switches to "Intercept is on"
  ![image](https://hackmd.io/_uploads/rk1ALiCLp.png)
- Open the lab target's URL and enable the plugin
- Enter a username and password
- Go back to Burp Suite
- The request has been intercepted
- The captured request:

```
username=aa&password=111&submit=Login
```

```http request
POST /pikachu/vul/burteforce/bf_form.php HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 37
Origin: http://localhost
Connection: close
Referer: http://localhost/pikachu/vul/burteforce/bf_form.php
Cookie: PHPSESSID=6m4k08cqecd45253041db2kk61
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1

username=aa&password=111&submit=Login
```

- Start the attack
  - Send the intercepted request to Intruder
    ![image](https://hackmd.io/_uploads/S1gIOsCIp.png)
  - On the Intruder page, mark `username` and `password` as payload parameters
    - Select each parameter value and click Add on the right; a `$` around the value means it worked
      ![image](https://hackmd.io/_uploads/S10I_iAIp.png)
  - For Attack Type, choose Cluster Bomb
  - Add the wordlists
    - Go to the Payloads page
    - First build the list for payload set 1
      ![image](https://hackmd.io/_uploads/Syi9_s0Up.png)
    - Then build the list for the second set
  - Click Start attack
    ![image](https://hackmd.io/_uploads/H1OiOj0U6.png)
- The brute force runs
  - Click the Length column to see which responses have a different length
    ![image](https://hackmd.io/_uploads/rJ72OjA8T.png)
  - Open that response
  - Click Render
  - "login success" is shown
    ![image](https://hackmd.io/_uploads/By3hOjCU6.png)
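The defender's view of the run above, as an added example that is not part of the original note: a Cluster Bomb attack sends one POST per username/password pair, so in the web server's access log it appears as a burst of POSTs to the login form from a single client. The log lines, IP addresses, threshold and window below are constructed assumptions; only the endpoint path comes from the captured request.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Login endpoint taken from the captured request on this page.
LOGIN_PATH = "/pikachu/vul/burteforce/bf_form.php"
# Common/combined access-log prefix: client, [timestamp], "METHOD path proto", status
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')


def detect_bursts(lines, max_posts=5, window=timedelta(seconds=60)):
    """Map each client to the time it first exceeded max_posts login POSTs
    inside one sliding window. Thresholds are assumptions; tune per site."""
    recent = defaultdict(deque)   # client -> timestamps still inside the window
    flagged = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue              # skip lines that are not in the expected format
        client, ts, method, path, _status = m.groups()
        if method != "POST" or path.split("?", 1)[0] != LOGIN_PATH:
            continue
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        q = recent[client]
        q.append(when)
        while when - q[0] > window:
            q.popleft()           # drop attempts older than the window
        if len(q) > max_posts:
            flagged.setdefault(client, when)
    return flagged


def build_sample():
    """Constructed log lines (documentation IPs, made-up times and sizes)."""
    fmt = '{ip} - - [10/Dec/2023:10:{mm:02d}:{ss:02d} +0800] "{verb} {path} HTTP/1.1" 200 1024'
    # One client posting the form every 2 seconds, as an automated run would.
    lines = [fmt.format(ip="192.0.2.10", mm=0, ss=2 * i, verb="POST", path=LOGIN_PATH)
             for i in range(12)]
    # A person who mistypes once and retries four minutes later.
    lines += [fmt.format(ip="192.0.2.20", mm=mm, ss=0, verb="POST", path=LOGIN_PATH)
              for mm in (1, 5)]
    # Page views of the form are GETs and are not counted.
    lines += [fmt.format(ip="192.0.2.30", mm=6, ss=s, verb="GET", path=LOGIN_PATH)
              for s in range(10)]
    return lines


if __name__ == "__main__":
    for client, when in detect_bursts(build_sample()).items():
        print(f"{client} exceeded the login POST threshold at {when.isoformat()}")
```

A flagged client is a candidate for throttling or a temporary lockout on the login form; counting per targeted account as well as per client would also catch attempts spread across several source addresses.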