Bruteforce Attack using Burpsuite Intruder - Bug Bounty

In this post, I will show you how to test a website's login page for a brute-force vulnerability using Burp Suite Intruder.



1. Open the website's login page and enter any credentials

2. Enable the proxy in the browser and send the login request to the Burp Suite Intruder tab

3. Click Clear, then select the password in that request and click Add to set the payload marker on the password field

4. Open the Payloads tab and paste your 100 passwords

5. Add your correct password at the end

6. Now start the attack

7. If you receive any 429/400/502 errors or your account is locked, this means the website has rate-limiting security features.

8. For the correct password you will see a different status code or a different response length

So this is how you can test any login page for a brute-force vulnerability and report it. Sometimes this vulnerability is out of scope on bug bounty programs, so read the policy first and then report it.
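The rate limiting that step 7 looks for, seen from the server side: a sliding-window throttle on failed logins that answers 429 once the limit is hit, even for the correct password. This is an added example, not code from the original post; the class name, threshold, window, user name, password and IP addresses are all assumptions made for illustration.

```python
from collections import defaultdict, deque

class LoginThrottle:
    """Sliding-window limit on failed logins, keyed per account and per client IP."""

    def __init__(self, verify, max_failures=5, window=300):
        self.verify = verify              # callable(username, password) -> bool
        self.max_failures = max_failures  # assumed threshold, tune per application
        self.window = window              # seconds a failure stays counted
        self.failures = defaultdict(deque)

    def _recent(self, key, now):
        q = self.failures[key]
        while q and now - q[0] >= self.window:
            q.popleft()                   # drop failures older than the window
        return len(q)

    def attempt(self, username, password, ip, now):
        """Return the HTTP status the login endpoint would send."""
        user_key, ip_key = ("user", username.lower()), ("ip", ip)
        # Throttle before checking the password, so a correct guess made while
        # limited looks identical to a wrong one (same 429, no oracle).
        if any(self._recent(k, now) >= self.max_failures for k in (user_key, ip_key)):
            return 429
        if self.verify(username, password):
            # Reset only the account counter; the IP counter keeps ageing out so
            # a client cannot clear it by logging in to an account it owns.
            self.failures.pop(user_key, None)
            return 200
        self.failures[user_key].append(now)
        self.failures[ip_key].append(now)
        return 401

def demo_verify(username, password):
    # Constructed credential for the demo; a real verifier checks a password hash.
    return (username.lower(), password) == ("alice", "S3cure-passphrase")

def replay_wordlist(throttle, n_wrong=100, ip="203.0.113.7"):
    """Replay the post's test: n_wrong bad passwords, then the correct one, 1/s."""
    guesses = [f"wrong-{i}" for i in range(n_wrong)] + ["S3cure-passphrase"]
    return [throttle.attempt("alice", g, ip, now) for now, g in enumerate(guesses)]

if __name__ == "__main__":
    statuses = replay_wordlist(LoginThrottle(demo_verify))
    print({s: statuses.count(s) for s in sorted(set(statuses))})
```

With this in place, the test from the steps above shows five 401 responses followed by 429 for every later request, so the correct password at the end of the list no longer stands out by status code.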
