pierre Posted October 24, 2016 Share Posted October 24, 2016 Hello, I have follow step by step this documentation to make a bruteforce on a login page: https://support.portswigger.net/customer/portal/articles/1964020-using-burp-to-brute-force-a-login-page I use a 10,000 entries dictionary. At first, brutefroce is very fast (4/5 request/second) But as long as the bruteforce occurs, each request takes more and more time to reach the webserver... I use 2 VirtualBox VM. My host is 8gb, 4gb is dedicated to a guest and 1gb to the other. I would like to know it is normal ? Or is it attacker problem ? Webserver problem ? Host technical configuration problem ? Tks Quote Link to comment Share on other sites More sharing options...
digininja Posted October 24, 2016 Share Posted October 24, 2016 Free or pro version of burp? Quote Link to comment Share on other sites More sharing options...
Dec100 Posted October 25, 2016 Share Posted October 25, 2016 I think Digininja has it. The free version is throttled, I believe. Quote Link to comment Share on other sites More sharing options...
pierre Posted October 25, 2016 Author Share Posted October 25, 2016 19 hours ago, digininja said: Free or pro version of burp? I use the free version 6 minutes ago, Dec100 said: I think Digininja has it. The free version is throttled, I believe. I have read bruteforce is slower than the pro version, but here it appears slower and slower as the bruteforce occurs.. Quote Link to comment Share on other sites More sharing options...
digininja Posted October 25, 2016 Share Posted October 25, 2016 Read up on your tools, intruder on the free one degrades more and more over time. You are seeing expected behaviour. Quote Link to comment Share on other sites More sharing options...
i8igmac Posted October 25, 2016 Share Posted October 25, 2016 Build the attack your self. Its a lot of fun to learn this stuff.. you can use curl or libs for perl, python and ruby... Learn why a firewall might ip ban you... Quote Link to comment Share on other sites More sharing options...
pierre Posted October 26, 2016 Author Share Posted October 26, 2016 On 25/10/2016 at 11:08 AM, digininja said: Read up on your tools, intruder on the free one degrades more and more over time. You are seeing expected behaviour. I didn't read it, thank, Burp normal behaviour so.. 21 hours ago, i8igmac said: Build the attack your self. Its a lot of fun to learn this stuff.. you can use curl or libs for perl, python and ruby... Learn why a firewall might ip ban you... Yes I should.. Quote Link to comment Share on other sites More sharing options...
i8igmac Posted October 26, 2016 Share Posted October 26, 2016 I can provide a few basic examples you could modify. What service login? Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.