Username Enumeration in Mutillidae using Burp Intruder
Mutillidae is a free, open-source, vulnerable web application that provides a target for web-security testers. Mutillidae can be installed on Linux and Windows using LAMP, WAMP, and XAMPP.

Username Enumeration:

We have an application that reveals when a username exists on the system, which can be used in a further step such as brute-forcing the account. On the Mutillidae login page, when you provide a valid username and an invalid password, the web application replies that the password is incorrect. When you provide an invalid username, the application replies that the account does not exist. So by monitoring the web application's messages, one can tell whether a username is valid or not.

First we will examine the source code of the page: when we provide a valid username the reply is "var lAuthenticationAttemptResultFlag = 1", and when we provide an invalid username the reply is "var lAuthenticationAttemptResultFlag = 0".

var lAuthenticationAttemptResultFlag = 1 I...
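The login behaviour described above, set beside a hardened handler and a regression check for it, as an added example that is not Mutillidae's code or part of the original post. The account store, the function names and the success flag value 2 are assumptions made for illustration; only the flag values 0 and 1 come from the page.

```python
import hashlib
import hmac
import re

def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 1000)

# Constructed sample data, not Mutillidae's: username -> (salt, password hash).
USERS = {"admin": (b"salt-1", _hash("correct-horse", b"salt-1"))}
# Dummy record so unknown usernames cost the same hashing work as known ones.
DUMMY = (b"salt-0", _hash("never-matches", b"salt-0"))
WRONG = "definitely-not-the-password"
FLAG_RE = re.compile(r"var lAuthenticationAttemptResultFlag = (\d+)")

def render(flag: int, message: str) -> str:
    # Response body shaped like the snippet quoted from the page source.
    return (f"<script>var lAuthenticationAttemptResultFlag = {flag};</script>"
            f"<p>{message}</p>")

def login_vulnerable(username: str, password: str) -> str:
    # Behaviour described in the article: the failure reason leaks to the client.
    if username not in USERS:
        return render(0, "Account does not exist")
    salt, stored = USERS[username]
    if not hmac.compare_digest(_hash(password, salt), stored):
        return render(1, "Password incorrect")
    return render(2, "Logged in")  # 2 is a hypothetical success value

def login_hardened(username: str, password: str) -> str:
    # Always hash, then return one generic failure for both causes.
    salt, stored = USERS.get(username, DUMMY)
    match = hmac.compare_digest(_hash(password, salt), stored)
    if match and username in USERS:
        return render(2, "Logged in")  # 2 is a hypothetical success value
    return render(0, "Invalid username or password")

def failure_flags(login, known_user: str, unknown_user: str) -> tuple:
    # Flags returned for a wrong password on an existing vs. a missing account.
    bodies = (login(known_user, WRONG), login(unknown_user, WRONG))
    return tuple(int(FLAG_RE.search(b).group(1)) for b in bodies)

def leaks_existence(login, known_user: str, unknown_user: str) -> bool:
    # Regression check: any difference between the two bodies is an oracle.
    return login(known_user, WRONG) != login(unknown_user, WRONG)

if __name__ == "__main__":
    for fn in (login_vulnerable, login_hardened):
        print(fn.__name__, failure_flags(fn, "admin", "no-such-user"),
              leaks_existence(fn, "admin", "no-such-user"))
```

A check like `leaks_existence` compares response bodies only; status codes, redirects, cookies and response time need the same comparison in a real test suite.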