I am having difficulty with Using Web Proxies: Burp Intruder
The question reads as: Use Burp Intruder to fuzz for ‘.html’ files under the /admin directory, to find a file containing the flag.
I believe that I have been following the instructions as suggested… however, I cannot seem to do it correctly. Any help/suggestions/hints are all greatly appreciated. I will attach some screenshots to showcase what I have done, and maybe someone can point me in the right direction.
You have the payload positioning wrong. The question says under the admin directory, so you might want to try it like: (sub $ for the payload position symbol)
/admin/$$.html
Intruder will then take your payload which should be file names and insert them at the position with the .html extension.
Not a hundred percent sure, but I think the GET /success.txt is linked with an addon, or is noise from the vnc connection. I believe it can just be ignored.
-onthesauce
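How the marker placement decides which paths get requested, as an added example that is not part of the original posts and is not Burp's own code: it expands a request template offline in sniper style, with `§` as the position marker (written `$` in the post above). The host name, the word list and the misplaced template are constructed for illustration.

```python
import re

MARK = "§"  # Burp's payload position marker; the post above writes it as $
POSITION = re.compile(f"{MARK}(.*?){MARK}", re.S)


def sniper_requests(template, payloads):
    """Expand a request template sniper-style: one marked position at a
    time receives each payload, other positions keep their base text."""
    if template.count(MARK) % 2:
        raise ValueError("unbalanced payload position markers")
    positions = list(POSITION.finditer(template))
    requests = []
    for target in range(len(positions)):
        for payload in payloads:
            parts, last = [], 0
            for i, pos in enumerate(positions):
                parts.append(template[last:pos.start()])
                parts.append(payload if i == target else pos.group(1))
                last = pos.end()
            parts.append(template[last:])
            requests.append("".join(parts))
    return requests


def request_paths(template, payloads):
    """Return only the path from each generated request line."""
    return [r.split("\r\n", 1)[0].split(" ")[1]
            for r in sniper_requests(template, payloads)]


# Constructed sample data: hypothetical host and file names.
WORDS = ["index", "login", "backup"]
HEADERS = " HTTP/1.1\r\nHost: target.example\r\n\r\n"
UNDER_ADMIN = "GET /admin/§§.html" + HEADERS   # placement from the post
MISPLACED = "GET /§admin§" + HEADERS           # assumed wrong placement

if __name__ == "__main__":
    for name, tpl in (("under /admin", UNDER_ADMIN), ("misplaced", MISPLACED)):
        print(name, request_paths(tpl, WORDS))
```

With the marker pair wrapped around `admin`, every request replaces the directory name itself, so nothing under `/admin/` with an `.html` extension is ever requested.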
I took your advice and cracked it! Thank you very much for your response!
onthesauce for president
EDIT: For anyone who is stuck on this one, my hint is:
Use the payload as described in the exercise, but give it some time. However, for the positioning, do as onthesauce prescribed. If you set up Burp correctly, you will find the page that comes back as 200 OK within 200 requests from the Intruder on Burp!
Good afternoon! I managed to find the admin 200 ok directory. Then I went to the site as indicated in the guide. And what to do next? How do I find the flag?
Hi, in Burp intercept that GET request and send it to Intruder, then follow the instructions that onthesauce provided in earlier posts to place your payload correctly. If you use the wordlist mentioned in the “Payload Options” section of the module (just above the flag question), you will get a 200 response within a few minutes; the flag is on that page.
After waiting for over 30 minutes for Burpsuite to do its thing, I tried the same request in Zap and it worked instantly. Not sure if I did some noob mistake or there is a bug somehow, but the request looked exactly the same to me, as shown in the image.
Same here. This is another absolute ■■■■ module. The answer is supposed to be /admin/2010.html, but whatever you try, you will not get it working via burp. They really need to update this ■■■■.
Burp CE is ridiculously slow for this. Just use something simple like ffuf to get it done quickly. As long as you understand the process of setting up Intruder, I think you'll be good to use something quicker for this task. Pick a good file wordlist and append ‘.html’ to the end.