📖
NOTES
  • Welcome!
  • Reference
    • Hacking
      • Penetration Testing Resources Bookmarks
        • Research Links
        • Cheat Sheet
        • Learning/Training
        • Tools
        • Payloads
        • Shell
        • AI
        • Reads
        • Podcast
        • Social Engineering
        • Payloads
      • Web/App Pentesting
        • SQL Injection
          • SQL Injection In The URL
          • SQL Injection In The Search Field
          • SQL Injection in Login forms
          • Boolean SQL Injection Blind
          • Time based SQL Injection Blind
          • Bypassing SQL Filters
          • SQL Injection with sqlmap
          • XPath Injection - Authentication Bypass
            • XPath Advanced Data Exfiltration
          • Payloads
        • XSS
          • Payloads
          • XSS Reflected
          • XSS Stored
          • Dom-based
          • Blind
        • Command Injection
          • Payloads
        • File Upload
          • Payloads
          • Bypass Filters
          • File Upload Tricks
        • SSRF
          • Payloads
        • LFI/RFI
          • Payloads
        • LDAP Injection
      • Port Swigger
        • Access control
          • Lab: Unprotected admin functionality
          • Unprotected admin functionality with unpredictable URL
          • User role controlled by request parameter
          • User ID controlled by request parameter, with unpredictable user IDs
          • User ID controlled by request parameter with password disclosure
        • Authentication
          • Username enumeration via different responses
        • Server-side request forgery (SSRF)
          • Basic SSRF against the local server
          • Basic SSRF against another back-end system
        • File Upload Vulnerabilities
          • Remote code execution via web shell upload
        • SQL Injection
          • SQL injection vulnerability in WHERE clause allowing retrieval of hidden data
      • Burp
        • Setting up Macro for intruder
      • ☁️Cloud
        • Tools
        • AWS
          • 🪣S3 Buckets
          • Amazon IAM
          • Dockers
            • Tools
        • Azure
        • GCP
      • Networking
        • Cheat Sheet
      • Hardware Hacking
        • Computer BIOS
    • HTML/CSS/JAVA
      • Tools
      • HTTP Response Status Codes
      • Bootstrap Templates
      • SSL
      • cURL
      • Grep
    • DataBase
      • My SQL
        • Cheat Sheet
        • Tools
    • PYTHON3
      • Code Resources
      • Python Reference Guide
        • Cheat Sheet
      • Code Projects
        • Jiggler Mouse
        • loan calculator
        • Bilnd LDAP Data Exfiltration
    • SEO
      • Tools
      • On-Page SEO
      • Local SEO and Keyword Research
      • Content Optimization
      • Technical SEO
      • Off-Page SEO Tools
      • Google Ads
    • Cloud
      • AWS
        • Light Sail
          • Hosting Website on Light Sail and Namecheap
        • Boto3
      • Azure
      • GCP
    • Files
      • PDF
Powered by GitBook
On this page
  1. Reference
  2. Hacking
  3. Burp

Setting up Macro for intruder

PreviousBurpNextCloud

Last updated 1 year ago

The provided text describes an advanced credential-stuffing attack using Burp Suite's Intruder and Macro functionalities. To execute this, follow these instructions:

Setting Up the Request Capture:

  1. Start by capturing a login request to http://10.10.129.2/admin/login/.

  2. Note the response, especially the session cookie and CSRF token, which are dynamic.

Configuring the Intruder:

  1. With the Burp Proxy, intercept and capture the login request.

  2. In Intruder, set up the attack:

    • Use the "Pitchfork" attack type.

    • Only select the username and password fields, leaving the session cookie and CSRF token fields unselected.

Loading Payloads:

  1. Go to the Payloads tab in Intruder.

  2. Load your username and password wordlists.

Setting Up the Macro:

  1. Navigate to the "Settings" tab and select "Sessions".

  2. Under "Macros," add a new macro.

    • Choose a GET request to http://10.10.129.2/admin/login/ from your history.

    • Name the macro appropriately.

Configuring Session Handling Rules:

  1. Under "Session Handling Rules," add a new rule.

  2. In the Scope tab:

    • Enable only for Intruder.

    • Set URL scope to "Use suite scope" or define a custom scope for http://10.10.129.2/.

  3. In the Details tab, under "Rule Actions":

    • Add the "Run a Macro" action.

    • Select the macro you created.

    • Specify to update only the "loginToken" parameter and the "session" cookie.

Launching the Attack:

  1. Return to Intruder and start the attack.

  2. Monitor for 302 status code responses; 403 errors indicate a problem with the macro.

  3. Sort responses by length to identify successful login attempts, which should be notably shorter

This lab Credit goes to Try Hack Me on Burp Intruder Page TASK 12: The Extra Mile.