This is truly a brilliant solution! I haven't downloaded the script, but you can display a suitable message and terminate the loop as soon as you get a 200 response (instead of 401) from the server.
Alternatively, I just checked the GitHub and found the password there, but your solution was way cooler to learn.
Another way of solving it would be just generating a list of potential passwords, then using md5sum on each of them and comparing the results to the MD5 hash of Amy's password (taken from the database).
Yeap, Juice Shop often times offers multiple solutions, which is awesome!!
First viewer
Cheers Mate :)
It's great that you brought Python to solve this challenge. Unexpected! Did you try Turbo Intruder in Burp? It's a free add-on and also uses Python. It allows faster brute-forcing without throttling requests, right inside Burp.
Haha, why unexpected? :) I have not thought of Turbo Intruder to be honest. I was actually thinking that Turbo Intruder is Burp Pro only, but I have just checked, it's not. Will definitely incorporate it into my videos next time!!
I'll try to look up your code. Not familiar with async, just requests. And also please provide the solution sometime later too.
@tanercoder1915 Sure, will do :) Will wait a bit first for a couple of folks to answer.
@tanercoder1915 @Hacksplained I've updated the solution in gist, check it out. gist.github.com/pascalschulz/e4952c1961cd068d94b81c361fc2514a#gistcomment-3356442