i wanted to know can we bruteforce the login page of a website ? by directly using a program instead of capturing the get request and fuzzing it i feel the parameters are not well defined for many websites so i wanted to ask if this is possible . if possible what can the speed to the brureforce be
if possible what can the speed to the brureforce be?
It depends on your internet speed, the method you use for bruteforce (example: parallel bruteforce as I call it with the help of threats, proxies etc.), what are the protections your target uses (example: cloudflare), etc.
by directly using a program instead of capturing the get request and fuzzing it i feel the parameters are not well defined for many websites
You can easily do that with the help of burp.
Most of sites use specific login tags, like username,email,password, etc.
So one solution is to make a program that detects what are the tags that your target uses.
1 Like
Well I tried capturing the get request but it did not work
You should be able to capture the request, use FoxyProxy on your browser to send requests to Burp or ZAP and ensure intercept is enabled. After which, you can test the login form by sending some test credentials.
After intercepting the request, you will need to send the request to the repeater.
This video explains the process: Web App Penetration Testing - #3 - Brute Force With Burp Suite - YouTube
1 Like