JsonSecurity /
simpleBruteforcePHP
This is a simple proof of concept of a brute force attack with Python on HTML and PHP login forms.
Loading repository data…
akshatmiglani / repository
This is a project to perform a BRUTE FORCE attack on a self hosted website to better the understanding of the importance of cybersecurity.
In this case, I, the attacker, try to access the administrator panel of the website using a list of common usernames and passwords. To carry out the attack, Burp Intruder is used to find firstly the admin username and after finding the username finding the respective admin password to view the dashboard for the website.
git clone https://github.com/akshatmiglani/Brute-force-for-login-bypass-on-a-local-website.git
cd Brute-force-for-login-bypass-on-a-local-website
pip install flask
python app.py
Launch Burp Suite and access the login panel in Burp Browser.
Make sure the intercept is on in Burp Suite and use any credentials to post a request.
Using the common usernames.txt of this repostiory, add this to the payload as a simple list and start the attack.
Sample bruteforce attack on username.
Observe that one status code is different than the others.
After finding out that “admin” is the admin username, we change the payload to the password parameter and apply brute force using password list to find the password.
Selected from shared topics, language and repository description—not editorial ratings.
JsonSecurity /
This is a simple proof of concept of a brute force attack with Python on HTML and PHP login forms.