Module: Basic Auth #1143
Replies: 2 comments 1 reply
-
|
Just thinking about this module wouldn't it be an idea if it was built into the request helper (and httpx)? Therefore other modules that use the request helper wouldn't have to be modified. If the request helper runs into a 401 it could bruteforce the endpoint with a wordlist and save any valid credentials against the domain within the helper module offloading the logic from each individual module |
Beta Was this translation helpful? Give feedback.
-
|
This is a good idea, although currently we don't have a system to implement it cleanly. In the current system, the way to do it would be to consume URLs with the
With BBOT 2.0, we might have a better way to do this with module hooks. We might also replace projectdiscovery's httpx with a native python thing similar to what we're doing with dns, which would let us visit URLs individually instead of in batches. |
Beta Was this translation helpful? Give feedback.
-
|
I like this idea and this is definitely on my radar for the future. The only question is, how many user/pass combos should we try? I think striking the right balance there between making too many requests and trying enough common ones is important. |
Beta Was this translation helpful? Give feedback.
Uh oh!
There was an error while loading. Please reload this page.
-
Courtesy of @j3tj3rk, it would be cool to have a module that tried common creds (admin/admin, etc.) against all the 401 pages.
Beta Was this translation helpful? Give feedback.
All reactions