![]() ![]() But what to do if the form requires some extra information? Given some heuristic clues, it would take a guess - it’s not too hard to come up with something that looks like a legitimate email, for example. Before recorded logins, Burp Suite would let you specify username/password credentials to use, and plug those into the form once it found it. Once we’ve found a form, how do we get in? We could go straight to brute force, but that seems like a waste of time and resources. If all these are identical, then the forms are probably the same anyway, just on different parts of the site, so we can use either one.As a tiebreaker, consider the number of fields on the form - again the login will likely have fewer options than the registration.If there are multiple forms with the same number of password fields, then the login form will be the one with fewer text fields - registrations might ask for additional information like your name or phone number.Pick the form with the fewest password fields, as a login will likely only have one password field, compared to a registration which will probably have two.Of course, we’ll find registrations that ask for a password as well, so once it’s found some candidate forms, Burp Suite’s got a simple heuristic to identify which one is the login: This isn’t too tricky, because we can just look for something like in the HTML, as there’s no reason for a site not to use a password type on a password field. When attempting to log in, the first step is to find a login form in the application. This is how Burp Scanner used to handle all logins, and it’s how it will still behave if you don’t supply a recorded sequence. Let’s take a minute to look back and discuss how we can log in to a website without a recorded login sequence available. Login mechanisms vary a lot between websites, which is difficult for an automated scanner to deal with ![]() Logging in to appear as a bona-fide user is crucial to the Scanner’s ability to thoroughly test a website. Most sites will hide a lot of interesting functionality from unauthenticated users, and many will have several classifications of users (think user, admin, super admin, etc.). Recording a login sequence lets Burp Scanner mimic a user’s actions, interacting with the login process though Chromium exactly as they would. Newer versions of Burp Scanner use Chromium to render the site, executing the JavaScript to view the webpage as a user would. Older versions of Burp Scanner would just look at a site’s raw HTML to identify login forms, but wouldn’t be able to see logins on modern websites that use JavaScript to render their content. ![]() Burp Scanner has always been able to find and use simple login forms, but you can now record a more involved login process, and it’ll play the recording back to authenticate itself, letting it through to test all of your site. If you’re using Burp Suite to test your website, it’s probably got some way for users to log in - and chances are it’s more complicated than filling in a username and password and hitting submit. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |