incorrect status code displayed in password guessing attack using burp suite

Asked Apr 07 '21 at 11:42

Active Apr 07 '21 at 11:42

Viewed 530 times

would anyone please take a look at the image of my burp suite result. I am learning how to brute force password guessing attack for penetration testing subject. Assuming test and test is the correct username and password, but as attacker they do not know it. So, when attempting brute force, it should display 302 status code instead of 200. I understand that 200 would means "username and password does not match". And 302 would means it matches, so how is it that my result shows all in contrast?

I should be expecting to get 302 for the request i have labeled in red, right? While the other requests should all be 200?

Burp Suite Results Image

asked Apr 07 '21 at 11:42

Skyb

You have it backwards. The `200` statuscode means OK. The `302` statuscode is a temporary redirect. Most likely back to the same logon page because the logon failed. – Lieven Keersmaekers Apr 07 '21 at 18:20
@LievenKeersmaekers Meaning my brute force did actually detected the correct username and password by showing statuscode `200 OK` ? – Skyb Apr 07 '21 at 19:07
Yes, likely. Try them and see for yourself – Lieven Keersmaekers Apr 07 '21 at 19:31
@LievenKeersmaekers Got it! Thank you so much ! ;) – Skyb Apr 08 '21 at 03:18

incorrect status code displayed in password guessing attack using burp suite

0 Answers0