A Fuzzing Approach to Credentials Discovery using Burp Intruder

Password guessing against web-based applications typically relies on a pattern match of what a 'successful' login response looks like. It may also consider HTTP status codes, such as looking for a '200 OK' server response. Armed with this information, the tester is able to begin processing hundreds...
Karl Dawson
October 29, 2009
