Questions tagged [http-brute]
6 questions
4
votes
1 answer
Wireshark HTTP continuations (Hydra HTTP version)
I am trying to use Hydra to brute force a HTTP POST form page, however the page is returning a HTTP Continuation I'm not sure what that is.
This is being caused by the HTTP/1.0 at the top of the request. I'm not sure how to change it to HTTP/1.1…
sunny-lan
- 251
- 1
- 6
1
vote
1 answer
Suspiscious HTTP request to nginx server in server log, what is it?
I have an nginx server running an instance of and express/nodejs server.
I was going through the logs to see what was being requested, and I noticed a few normal attempts for common flaws in things like word press, but what has me concerned is:…
David Kamer
- 456
- 1
- 4
- 13
1
vote
1 answer
Hydra: Brute force an http form, all arguments are supplied but the login error has other string formats and is too big
I am using Hydra to brute force a login http form (Method: post), but I'm getting false positives (passwords that aren't valid)
I believe I know the reason, I just don't know how to handle it:
The failure of the request produces the following failed…
Murphy Adam
- 111
- 1
- 3
1
vote
1 answer
How to brute force HTTP Basic Authentication requested with XHR?
How can one brute force a website using HTTP Basic authentication using metasploit which uses XHR in background? I am getting error "No URI found that asks for HTTP authentication". Relevant headers are as below:
Authorization: Basic…
Krishna Pandey
- 1,497
- 1
- 16
- 26
1
vote
3 answers
Nmap http-brute - Supplying arguments for bruting via GET
I'm attempting to brute a site in my test lab with Nmap's http-brute nse, which has the URL structure https://192.168.101.6/api/auth?email=a@b.com&password=pass
Unfortunately Nmap's official documentation…
16b7195abb140a3929bbc322d1c6f1
- 3,334
- 4
- 15
- 20
0
votes
0 answers
Help with hydra https-post-form
I am doing portswigger labs with hydra https-post-form. I try to look for packets that don't have status code 200 OK, because when checked in burp my failed login with bad password and good username had status code 200 OK.
└─$ hydra -l activestat -P…
Zorot
- 1