Logical Bruteforcing

Open Burp Suite

Start monitoring requests

Enter the mobile number of the victim

Enter random OTP once and click login

Find the request with the OTP and Mobile number going to checkOTP.php

Send it to Burp Intruder

Clear all existing § markers and add them around the OTP POST parameter value using the Add button

OTP=§586§

Choose attack type sniper

Go to Payloads and, in Payload Sets, click the dropdown next to Payload Type. Choose Numbers

In Payload Options -> From -> Put 100

And in To -> Put 999

In Step -> Put 1

Go to the Intruder options and scroll down to Grep Match

Click on the “Flag….” checkbox

Add the keyword “userdetails.php”

Make sure to uncheck “Exclude HTTP headers”

Start the attack

The responses with the keyword welcome in the response will be flagged

Check the OTP in the flagged request and use that OTP to log in
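A server-side counterpart to the steps above, as an added example that is not part of the original page or the challenge's code: an OTP check that caps failed guesses per issued code, expires it, and draws it from a larger space, so walking the 100 to 999 range stops after a handful of requests. The class name, the limits and the in-memory store are assumptions for illustration.

```python
import hmac
import secrets
import time

MAX_ATTEMPTS = 5        # assumed policy: failed guesses allowed per issued OTP
OTP_TTL_SECONDS = 300   # assumed policy: lifetime of an issued OTP
OTP_DIGITS = 6          # 10**6 values instead of the 900 in the 100-999 range


class OtpStore:
    """In-memory stand-in for the state behind an OTP-checking endpoint."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._pending = {}  # mobile -> [otp, expires_at, failed_attempts]

    def issue(self, mobile):
        # CSPRNG, fixed width, leading zeros kept so the whole space is used.
        otp = f"{secrets.randbelow(10 ** OTP_DIGITS):0{OTP_DIGITS}d}"
        self._pending[mobile] = [otp, self._clock() + OTP_TTL_SECONDS, 0]
        return otp  # sent out of band (SMS), never echoed in the HTTP response

    def verify(self, mobile, guess):
        entry = self._pending.get(mobile)
        if entry is None:
            return "no_pending_otp"
        otp, expires_at, failed = entry
        if self._clock() >= expires_at:
            del self._pending[mobile]
            return "expired"
        # Constant-time comparison of the stored and submitted values.
        if hmac.compare_digest(otp.encode(), str(guess).encode()):
            del self._pending[mobile]   # single use
            return "ok"
        failed += 1
        if failed >= MAX_ATTEMPTS:
            del self._pending[mobile]   # burn the OTP; a new one must be requested
            return "locked"
        entry[2] = failed
        return "invalid"
```

Reissuing an OTP resets the counter here, so issuance per mobile number needs its own rate limit in a real deployment.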

Logical Bruteforcing

Step 1: Go to the hacking challenge (The URL will be different for each user). http://13.126.231.126/Brute-Forcing/Logical-Bruteforcing-Variant-3/

Step 2: Click on the dropdown arrow and choose any coupon.

Step 3: Now open Burp Suite and turn on the intercept.

Step 4: In the browser click on the ‘Submit’ button and intercept the request.

Step 5: Now send this request to Intruder (Ctrl+I) and turn off the intercept.

Step 6: Go to the ‘Positions’ tab under intruder and clear all selected values by clicking on the ‘Clear All’ button.

Step 7: Now, in coupon=VOUCHER-a3f, select the ‘3f’ part and click on the ‘Add §’ button. It will look like this: coupon=VOUCHER-a§3f§

Step 8: Choose ‘Attack Type’ as ‘Sniper’.

Step 9: Now click on the ‘Payloads’ tab and choose payload set 1. Set the payload type to Brute forcer, set the character set to abcdefghijklmnopqrstuvwxyz0123456789, and set both the min and max length to 2.

Step 10: Click on the ‘Start Attack’ button.

Step 11: Now sort by the ‘Length’ column in the new ‘Intruder Attack’ window. You will be able to identify a few responses with a different length, suggesting some coupons worked.

Step 12: The requests with a different response length carry the correct coupon code, so click on them and look at the request generated. From the HTTP request, copy the COUPON=[this].

Step 13: Use this coupon to apply the discount and you will get more discount than usual.
