Dictionary Attacking a Web Application with Hydra and Burp Suite
In this lab, you will be attacking a Linux machine named Metasploitable, running the Damn Vulnerable Web App (DVWA). The DVWA is an open source web app written to be vulnerable to a host of different security exploits, designed for security professionals to practice their skills and conduct research.
You will be attempting a dictionary attack to discover a password using Burp Suite and Hydra. Burp Suite is a GUI tool for testing web application security. Hydra is a password cracking tool that attempts to crack passwords by sending either a dictionary of usernames and passwords at a login service or trying all possible combinations in a brute force configuration.
This lab is part of a series on cyber network security.
Learning Objectives
Upon completion of this lab you will be able to:
-
Demonstrate how to use Hydra and Burp Suite to attack a web-based login service by performing a dictionary attack on the DVWA login web-app
Intended Audience
This lab is intended for:
- Cyber and network security specialists
Prerequisites
You should possess:
- A basic understanding of Windows operating system environments
A world-leading tech and digital skills organization, we help many of the world’s leading companies to build their tech and digital capabilities via our range of world-class training courses, reskilling bootcamps, work-based learning programs, and apprenticeships. We also create bespoke solutions, blending elements to meet specific client needs.