hands-on lab

Dictionary Attacking a Web Application with Hydra and Burp Suite

Get guided in a real environmentPractice with a step-by-step scenario in a real, provisioned environment.
Learn and validateUse validations to check your solutions every step of the way.
See resultsTrack your knowledge and monitor your progress.
Lab description

In this lab, you will be attacking a Linux machine named Metasploitable, running the Damn Vulnerable Web App (DVWA). The DVWA is an open source web app written to be vulnerable to a host of different security exploits, designed for security professionals to practice their skills and conduct research.

You will be attempting a dictionary attack to discover a password using Burp Suite and Hydra. Burp Suite is a GUI tool for testing web application security. Hydra is a password cracking tool that attempts to crack passwords by sending either a dictionary of usernames and passwords at a login service or trying all possible combinations in a brute force configuration.

This lab is part of a series on cyber network security.

Learning Objectives

Upon completion of this lab you will be able to:

  • Demonstrate how to use Hydra and Burp Suite to attack a web-based login service by performing a dictionary attack on the DVWA login web-app

Intended Audience

This lab is intended for:

  • Cyber and network security specialists


You should possess:

  • A basic understanding of Windows operating system environments
About the author
Training Provider
Learning paths

A world-leading tech and digital skills organization, we help many of the world’s leading companies to build their tech and digital capabilities via our range of world-class training courses, reskilling bootcamps, work-based learning programs, and apprenticeships. We also create bespoke solutions, blending elements to meet specific client needs.

Covered topics
Lab steps
Starting the Cyber Network Security Lab Exercise