■ ■ ■ ■ ■ ■
Doc/Http and Web Form bruteforcing.md
1 | 1 | | # Http and Web Form bruteforcing |
2 | | - | One of the many Taipan addOn, allows to execute an HTTP of Web Form authentication bruteforcing. In this page we will see how to customize this process. |
| 2 | + | This AddOn allows to execute an HTTP or Web Form authentication bruteforcing. In order to do so it verify the response code (in case of HTTP bruteforcing) or use a custom heuristic in order to identify if the page returned an authenticated content or not (in case of Web Form authentication). |
| 3 | + | |
| 4 | + | Under the folder _Data\AddOnStorage\Web Form Bruteforcer AddOn_ you will find three XML files (the file format is self explanatory): |
| 5 | + | * **Combinations.xml** contains the combination of user/password to use. This is useful to test for default account |
| 6 | + | * **Usernames.xml** contaions the list of username to bruteforce. It is suggested to not include a long list, since for each username the entire password list is used in order to bruteforce it |
| 7 | + | * **Passwords.xml** contains the password to use in order to bruteforce all usernames |
| 8 | + | |