Click the Open Embedded Browser button and use the embedded browser to visit our pikachu site.
Click on Brute Force on the left-hand side, then on Form-based Brute Force under it.
Type in your username and password, then go back to Burp Suite and you'll see that it has already captured the outgoing request, with the username and password in it.
Right-click on the request below and, in the context menu that pops up, select Send to Intruder; Intruder is the tab at the top.
Note that the wording of "Send to" may differ, because different Chinese-localized versions translate it differently. It doesn't matter if your version differs from mine; it does the same thing.
Or you can just press Ctrl + I, which works the same way. Once the request is sent, the Intruder tab will light up, and you'll see a new entry when you click on it.
You can see the username and password that were sent in the request below as well.
Click on the Clear Payload Locations button on the left, then select the username and click on the Add Payload Location button.
This is what it looks like when you're done adding it.
I have both username and password checked, so I'm gonna have to change the attack type.
Click the Select Attack Type button above and select Cross - Multiple Payload Sets from the drop-down menu.
Click the Payload tab next to the Location tab to set the dictionary.
Click the Load from file button below to select the desired dictionary file.
Of course, we can also enter items manually.
Enter the password you want to add in the text box below and click the Add button on the left to add a custom list item.
Here I used Load from file.
Click on the payload set above and select 2 from the drop-down menu on the right.
Also add the corresponding dictionary below.
Click the attack button on the right.
A new window will pop up.
Wait for the progress bar below to finish.
You can sort by the length and response time columns on the left to find the result that stands out, or you can double-click a row to open it in a pop-up window.
Click on the Response tab on the left and select Page Rendering from the sub-tabs below.
Click the Previous and Next buttons on the left to step through the results
until the words login success appear at the bottom.
The payload at the top of the page will be the brute-forced username and password.
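
Seen from the server side, the run above shows up as a burst of failed logins from one source across several usernames, ending in a success. The Python detector below is an added example, not part of the original walkthrough; the log format, addresses, account names and thresholds are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log: "<ISO time> <source IP> <username> <OK|FAIL>".
# The format, addresses and account names are made up for this example.
SAMPLE_LOG = """\
2024-05-01T10:00:00 198.51.100.7 admin FAIL
2024-05-01T10:00:01 198.51.100.7 admin FAIL
2024-05-01T10:00:02 198.51.100.7 test FAIL
2024-05-01T10:00:03 198.51.100.7 test FAIL
2024-05-01T10:00:04 198.51.100.7 root FAIL
2024-05-01T10:00:05 198.51.100.7 admin OK
2024-05-01T10:03:00 203.0.113.20 alice FAIL
2024-05-01T10:09:00 203.0.113.20 alice OK
"""

def detect_bruteforce(log_text, max_failures=5, window=timedelta(seconds=60)):
    """Return {source_ip: finding} for sources with >= max_failures failed
    logins inside one sliding window."""
    recent = defaultdict(deque)   # ip -> (time, user) of failures in window
    findings = {}
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue              # skip malformed lines
        stamp, ip, user, result = parts
        when = datetime.fromisoformat(stamp)
        fails = recent[ip]
        while fails and when - fails[0][0] > window:
            fails.popleft()       # expire failures older than the window
        if result == "FAIL":
            fails.append((when, user))
            if len(fails) >= max_failures:
                hit = findings.setdefault(ip, {"users": set(), "compromised": set()})
                hit["users"].update(u for _, u in fails)
        elif ip in findings:
            # A success from a flagged source means a guess probably worked.
            findings[ip]["compromised"].add(user)
    return findings

if __name__ == "__main__":
    for ip, hit in detect_bruteforce(SAMPLE_LOG).items():
        print(ip, sorted(hit["users"]), sorted(hit["compromised"]))
```

An account listed under "compromised" should have its password reset, and the flagged source is a candidate for throttling or lockout.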