However, Turbo Intruder is a beast on another level. Meanwhile, the Burp Pro version provides a decent speed Burp Intruder, which is suitable for daily usage. The time you waited for finishing a 1000-request brute-forcing attack can make you grow out some gray hair, slow and anxious. The first impression of this community edition Intruder is: It has really low RPS (Request Per Second). The Burp Suite community edition comes with a "lite" version of Burp Intruder. Basically, anyone who knew Burp extensions should have heard the name of Turbo Intruder. It's one of the most (if not the most) popular Burp extensions. Knowing how to use those extensions will make you feel like a pro. That's right, some powerful Burp Suite extensions can make the free community edition as good as the Burp Pro version.
To collect employee names with Burp, you’ll need to do the following steps.You should have noticed the pun in this post title 😉.
You may be able to discover the username format by analyzing the metadata of documents posted to a company’s public web sites as described here. You can then massage these employee names into any username format. One easy way to gather employee names is to use a Burp Suite Pro extension with a little Python script as described in this blog.
3) It doesn’t miss results that don’t have the pipe symbol in the results, such as those that end in “…” 4) It gets rid of extra junk at the end of the name, like “, CPA” or “, CISSP” 5) It includes which LinkedIn site the name is from (The usernames may come in handy for performing a password spraying attack for example. This provides the following improvements over what I blogged about here: 1) The output is tab delimited and imports into Excel much cleaner 2) It avoids duplicates for the most part. *UPDATE: I’ve improved on the “Gathering Contacts with Burp” method by creating a dedicated extension.
0 kommentar(er)
