Penetrating Networks

Navid Fazle Rabbi
Sr. Security Researcher
Offensive Security Research
bKash Ltd.
Research Interest
  • 🔒 Web & Mobile AppSec
  • 💥 Side-Channel Analysis
  • 🤖 AI Attacks & AI Security
  • 🔗 Blockchain & Web3 Security
  • 🌐 Browser Security
  • 💻 Source Code Analysis
  • 🔐 Real-world Cryptography
  • 💣 Exploit Development
  • 🔄 Reverse Engineering
  • 🌐 IoT Security

Base64 Brute-Force

Login mechanisms verify identity in different ways. In most cases, a system uses a simple login form where you enter a username and password to access the service. In that case, it is easy to brute-force a way into the system using lists of usernames and passwords. But what happens when these usernames and passwords are filtered?

Some services Base64-encode the username and password together and send the encoded value in the Authorization request header.

In this case, I tried a general brute-force method in which the username and password are first read from a dictionary. They are then Base64-encoded, and the encoded value is used in the Authorization header to make the brute-force attack work.

Usage:

python3 base64_bruteforcy.py [URL] [username.txt] [password.txt]

Dependencies:

  • The dictionary files should be .txt files
  • Only GET requests are supported in this first version
  • Install the dependencies with: pip install -r requirements.txt
  • Language: Python
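
Seen from the server side, the Base64 step described above is a reversible encoding, so guessing activity can be detected by decoding the header on failed requests. The following is an added example, not part of the original tool: it assumes the scheme is HTTP Basic (`Authorization: Basic base64(user:password)`), and the function names, threshold and log records are hypothetical and constructed for illustration.

```python
import base64
import binascii
from collections import defaultdict


def decode_basic(header):
    """Return (username, password) from a Basic Authorization header, or None."""
    scheme, _, token = header.partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        raw = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None  # malformed token: not a valid Basic credential
    user, sep, password = raw.partition(":")  # split on the first colon only
    return (user, password) if sep else None


def flag_guessing(records, max_failures=3):
    """Map client IP -> count of distinct failed credential pairs, if >= threshold."""
    failed = defaultdict(set)
    for ip, header, status in records:
        creds = decode_basic(header)
        if status == 401 and creds is not None:
            failed[ip].add(creds)
    return {ip: len(p) for ip, p in failed.items() if len(p) >= max_failures}


def _hdr(user, password):
    # Build a header the way a client does: base64("user:password").
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()


# Constructed sample records: (client IP, Authorization header, response status).
SAMPLE = [
    ("198.51.100.23", _hdr("alice", "correct horse"), 200),
    ("203.0.113.7", _hdr("admin", "admin"), 401),
    ("203.0.113.7", _hdr("admin", "123456"), 401),
    ("203.0.113.7", _hdr("root", "toor"), 401),
    ("203.0.113.7", _hdr("admin", "pass:word"), 401),
    ("198.51.100.23", _hdr("alice", "typo"), 401),   # one mistyped password
    ("192.0.2.50", "Basic not-base64!!", 401),       # malformed, ignored
]

if __name__ == "__main__":
    print(flag_guessing(SAMPLE))
```

Because the header decodes this easily, endpoints that accept it should be served only over TLS, and raw Authorization headers should be kept out of long-term logs.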