Results 1 to 2 of 2

Thread: Looking for a special kind of Bruteforce tool.

  1. #1
    Just burned his ISO
    Join Date
    Feb 2011
    Posts
    3

    Default Looking for a special kind of Bruteforce tool.

    I have been running into this issue more and more lately during pentests.

    Network Appliances with web interfaces where a client-side javascript mangles the login credentials before posting. I haven't been able to locate a tool capable of bruteforcing logins in this situation. I have written a script on a few occasions to deal with the issue, but I can't help, but think that someone might have addressed this issue.

    What say the hivemind, is there something out there I could be using to make my pentests more efficient?

  2. #2
    Junior Member jirtos's Avatar
    Join Date
    Jan 2011
    Posts
    28

    Default Re: Looking for a special kind of Bruteforce tool.

    Quote Originally Posted by crankenstein View Post
    I have been running into this issue more and more lately during pentests.

    Network Appliances with web interfaces where a client-side javascript mangles the login credentials before posting. I haven't been able to locate a tool capable of bruteforcing logins in this situation. I have written a script on a few occasions to deal with the issue, but I can't help, but think that someone might have addressed this issue.

    What say the hivemind, is there something out there I could be using to make my pentests more efficient?
    I am not rly sure, what do u mean with "mangles login credentials", but for a long time i use win32 app called Brutus, because back in the days, THC-Hydra didnt know a lot methods to work with and i am not rly sure if they updated it -> for web interface Brutus provides: HTTP-GET, HTTP-PUT, HTTP-HEAD for HTTP(Basic Auth); HTTP-GET and HTTP-PUT for HTTP (Form) and of course there is simple way to define own sequence (meaning your own authentication phase and Response phase). i just used that toll this day again and it still works as expected.
    Last edited by jirtos; 03-11-2011 at 12:06 AM. Reason: for lack of time earlier i needed to add more info

Similar Threads

  1. How to know what kind of login?
    By giansbu in forum Beginners Forum
    Replies: 2
    Last Post: 02-16-2010, 12:55 PM
  2. looking for special exploit or video of one
    By webtrol in forum OLD General IT Discussion
    Replies: 0
    Last Post: 07-30-2009, 01:46 AM
  3. What kind of connector
    By kjellvidar in forum OLD Newbie Area
    Replies: 15
    Last Post: 06-10-2008, 11:30 PM
  4. What kind of a learning curve am I looking at?
    By BigTone in forum OLD Newbie Area
    Replies: 29
    Last Post: 12-02-2007, 09:07 AM
  5. What kind of cards do i have?
    By countryboy in forum OLD Newbie Area
    Replies: 3
    Last Post: 09-27-2007, 10:27 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •