Authentication Bruteforce
Wordlist
Brute forceWfuzz
-d option allows you to fuzz content that is sent in the body of a POST request
--hc option hides responses with certain response codes
-H option lets you add a header to the request. Some API providers may respond with an HTTP 415 Unsupported Media Type error code if you don’t include the Content -Type:application/json header when sending JSON data in the request bod
Intercept an authent request and adapt the command
Password Spraying
Use Burp Intruder
Email EnumerationUsername listsLast updated
Was this helpful?