Using Wb Proxies - Burp Intruder

Hi all,

I am having difficulty with Using Web Proxies: Burp Intruder

The question reads as: Use Burp Intruder to fuzz for ‘.html’ files under the /admin directory, to find a file containing the flag.

I believe that I have been following the instructions as suggested… however, I cannot seem to do it correctly. Any help/suggestions/hints are all great appreciated. I will attach some screenshots to showcase what I have done, and maybe someone can point me in the right direction :slight_smile:

I am not sure if I am doing this correctly…

Is it supposed to take this long?

Another interesting thing I found…

I hope that I made my question clear enough! Let me know if I can provide anymore information <3

Best,
Jesse

2 Likes

Hey!

You have the payload positioning wrong. The question says under the admin directory, so you might want to try it like: (sub $ for the payload position symbol)

/admin/$$.html

Intruder will then take your payload which should be file names and insert them at the position with the .html extension.

Edit
Think of it like:
/Directory/File.html

5 Likes

Not a hundred percent sure, but I think the GET /success.txt is linked with an addon, or is noise from the vnc connection. I believe it can just be ignored.
-onthesauce

1 Like

Hey!

I took your advice and cracked it! Thank you very much for your response!

onthesauce for president :grin::metal:t3:

EDIT: For anyone who is stuck on this one, my hint is:

Use the payload as described in the exercise, but give it some time. However, for the positioning, do as onthesauce prescribed. If you set up burp correctly, you will find the page that comes back as 200 OK within 200 requests from the intruder on burp!

1 Like

Good afternoon!I managed to find the admin 200 ok directory. Then I went to the site as indicated in the guide. And what to do next? How do I find the flag?

Hi, in Burp intercept that GET request and send to Intruder, then follow the instructions that onthesauce provided in earlier posts to place your payload correctly. If you use the wordlist mentioned in the “Payload Options” section of the module (just above the flag question), you will get a 200 response within a few minutes, the flag is on that page.

After waiting for over 30 minutes for Burpsuite to do its thing, I tried the same request in Zap and it worked instantly. Not sure if I did some noob mistake or there is a bug somehow, but the request looked exactly the same to me, as shown in the image.

Same here. This is another absolute ■■■■ module. The answer is supposed to be /admin/2010.html, but whatever you try, you will not get it working via burp. They really need to update this ■■■■.

1 Like

Yes This is Not fair By Htb
They know how slow is burp community editon who will fuzz till

2010 numbers

Tnx @ Tunist

1 Like

You could always give Burp Pro a go. They have a 30 day free trial :slight_smile:

Burp CE is ridiculously slow for this. Just use something simple like ffuf to get it done quickly. As long as you understand the process of setting up intruder I think youll be good to use something quicker for this task. Pick a good File wordlist and append ‘.html’ to the end.