WAP: Using Curl to fetch webpages from a cli/shell

From a shell type the following: curl -v -X GET 'https://www.google.co.za' This will use the -v flag to ensure the connection attempt returns results verbosely, and the -X is to specify the verb to be used. You can also try using other verbs: curl -v -X HEAD 'https://www.google.co.za' curl -v -X POST 'https://www.google.co.za' The results… Continue reading WAP: Using Curl to fetch webpages from a cli/shell

WAP: Bruteforcing an HTTP forms auth login page using Burpsuite

You need to firstly make sure that your proxy settings are correctly set to the localhost with port 8080: Open up Burpsuite and ensure that the intercept option is turned on: Now open up the website you are targeting and type in anything in the username and password fields and clicking on sign in (you… Continue reading WAP: Bruteforcing an HTTP forms auth login page using Burpsuite

WAP: Creating a password list/file using Crunch (or Burpsuite)

In one of the courses I am busy with there was a requirement to create a password file to use during a brute force attempt - and the hints given were that the password is 5 characters and that it uses only q,w,e. So from a shell on a Kali machine type the following: crunch… Continue reading WAP: Creating a password list/file using Crunch (or Burpsuite)