Burp also provides character-level analysis, which reports on the degree of confidence in the randomness of the sample, through a graphical display. Token randomness analysis results ( click to enlarge )īurp automatically analyzes these aspects and generates this report in the sequencer tool. The screenshot in Figure 3 explains the results better.įigure 3. For this Burp Suite training tutorial, stop the scan midway and check out the results. You can pause or stop the analysis at any point. It sends requests to the target and gives detailed analysis of the randomness in the cookie tokens. The start capture action panel is depicted in Figure 2.
Start capture action panel ( click to enlarge ) After fixing these parameters, click START CAPTURE.įigure 2. This also applies to the token end panel, where you can set the delimiter, or specify a fixed length for the capture to start. You can either specify an expression such as “Google” or even set the offset from where the token has to start. The right side of the screenshot has the token start and token end expressions.
Token request using sequencer ( click to enlarge )įigure 1 shows a token request to the website. For this Burp Suite training tutorial, let us start with sending a request that contains a session token.įigure 1. Thus it is important to have a high degree of randomness in the session token IDs. Brute force attacks enumerate every possible combination for gaining authentication from the Web application. The Burp sequencer tool is used to check for the extent of randomness in the session tokens generated by the Web application.
0 kommentar(er)
