Authentication Flaws: Forgot Password

Goal

The goal is to retrieve the password of user "webgoat". Instead of guessing manually, we will use Burp Suite to perform a brute-force login attack.

Step by step Guide

1. Start Burp Suite and turn on intercept.

2. Enter the user webgoat and then answer the secret question. Here we enter test as the answer, just so the request can serve as a template for the attack.


3. Next, forward requests until you see "color=test&SUBMIT=Submit", then send that request to Intruder.

4. Create a new attack, but first set the payload position.

5. Next, set the payload. Here we simply add a word list with all possible colors.

6. Start the attack. Only request 6 (red) has a lower word count; open it to check the response.

We can see from the response page that red is the answer to the secret question.
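The attack works because the form accepts every guess from the word list for the same user. As an added example (not part of the WebGoat lesson or its code), the sketch below caps secret-question attempts per username, so replaying the six-color list from step 6 is locked out before it reaches the answer. The class name, the limits and the sample data are assumptions made for illustration.

```python
import hmac
import time

MAX_ATTEMPTS = 3          # assumed policy: failed guesses allowed per window
WINDOW_SECONDS = 900      # assumed policy: 15-minute window


class RecoveryThrottle:
    """Caps secret-question guesses per username, whatever the client IP."""

    def __init__(self, answers, clock=time.monotonic):
        self._answers = answers      # username -> stored answer (constructed data)
        self._clock = clock
        self._failures = {}          # username -> timestamps of recent failures

    def check(self, username, answer):
        """Return 'ok', 'denied' or 'locked' for one recovery attempt."""
        now = self._clock()
        recent = [t for t in self._failures.get(username, [])
                  if now - t < WINDOW_SECONDS]
        self._failures[username] = recent
        if len(recent) >= MAX_ATTEMPTS:
            return "locked"          # refuse before looking at the answer
        expected = self._answers.get(username, "")
        # Always run the constant-time compare, then require a known user,
        # so unknown users fail the same way as wrong answers.
        match = hmac.compare_digest(answer.strip().lower().encode(),
                                    expected.encode())
        if match and username in self._answers:
            self._failures.pop(username, None)
            return "ok"
        recent.append(now)
        return "denied"


def replay(throttle, username, guesses):
    """Feed a list of guesses through the throttle and collect the outcomes."""
    return [throttle.check(username, g) for g in guesses]


if __name__ == "__main__":
    # Constructed sample: the answer sits sixth in the list, as in step 6.
    colors = ["blue", "green", "yellow", "black", "white", "red"]
    print(replay(RecoveryThrottle({"webgoat": "red"}), "webgoat", colors))
```

The response for "locked" should look the same to the client as "denied", so the response length no longer singles out the correct guess.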

 
