hands-on lab

Dictionary Attacking a Web Application with Hydra and Burp Suite

Up to 2h
Get guided in a real environmentPractice with a step-by-step scenario in a real, provisioned environment.
Learn and validateUse validations to check your solutions every step of the way.
See resultsTrack your knowledge and monitor your progress.


In this lab, you will be attacking a Linux machine named Metasploitable, running the Damn Vulnerable Web App (DVWA). The DVWA is an open source web app written to be vulnerable to a host of different security exploits, designed for security professionals to practice their skills and conduct research.

You will be attempting a dictionary attack to discover a password using Burp Suite and Hydra. Burp Suite is a GUI tool for testing web application security. Hydra is a password cracking tool that attempts to crack passwords by sending either a dictionary of usernames and passwords at a login service or trying all possible combinations in a brute force configuration.

This lab is part of a series on cyber network security.

Learning Objectives

Upon completion of this lab you will be able to:

  • Demonstrate how to use Hydra and Burp Suite to attack a web-based login service by performing a dictionary attack on the DVWA login web-app

Intended Audience

This lab is intended for:

  • Cyber and network security specialists


You should possess:

  • A basic understanding of Windows operating system environments

About the author

QA, opens in a new tab
Training Provider
Learning paths

A world-leading tech and digital skills organization, we help many of the world’s leading companies to build their tech and digital capabilities via our range of world-class training courses, reskilling bootcamps, work-based learning programs, and apprenticeships. We also create bespoke solutions, blending elements to meet specific client needs.

Covered topics

Lab steps

Starting the Cyber Network Security Lab Exercise