Closed KcanCurly closed 4 months ago
Yep, It is possible to run this tool against multi page navigation. Browser Bruter has dozens of switches for it.
Below are some of the useful references from documentation which tackles this issue - Custom Navigation using javascript - https://www.net-square.com/browserbruter/UsageManual/javascript.html Custom Navigation using python - https://www.net-square.com/browserbruter/UsageManual/pse.html --buttons-to-press - https://www.net-square.com/browserbruter/UsageManual/fuzzing.html#handling-basic-navigation-using---buttons-to-press-before-fuzz-option The Powerfull interactive mode - https://www.net-square.com/browserbruter/UsageManual/fuzzing.html#the-interactive-mode-using---interactive-switch
And for this particular PortSwigger's 2FA lab scenario, Give me some time, I will try to look into my self.
Hey @KcanCurly, I found the right command - python3 BrowserBruter.py --elements mfa-code --button submit --target https://<LAB-ID>.web-security-academy.net/login --cookie session:<COOKIE> --attack 1 --payloads mfa.txt --python "driver.find_element(By.NAME, 'username').send_keys('carlos'); driver.find_element(By.NAME,'password').send_keys('montoya');driver.find_element(By.XPATH, '/html/body/div[2]/section/div/section/form/button').click();"
Feel free to use further options such as threads and delay to control the attack.
@KcanCurly , Kindly give response whether the issue you were facing is resolved or not.
Yes it did! thanks.
Hello
I was doing a PortSwigger lab: Link, and i thought maybe i could use this tool for the lab. Situation is as follows: 1- We login to our account 2 - We brute force the 2FA code
Issue is, when we fail 2FA code twice, we are automatically logged out. In Burp Suite we can use macros to handle this problem:
On every example i saw on documentation this tool only worked on a single page. Is it possible to use BrowserBruter to handle the issue i am facing ?