burp suit 3 brutal force

click dvwa security, set security lowest

using burp default browser, login page get request is intercepted.

right click -> send to intruder

intruder tab, click clear$. highlight username and password, click add$

select attack type cluster bomb

add list for payload 1 and 2

the length of one attack is different than the rest

select response, render tab, to see login attack response

reference:

https://www.youtube.com/watch?v=2_lswM1S264

Installing Burp's CA certificate in Firefox

https://portswigger.net/burp/documentation/desktop/external-browser-config/certificate/ca-cert-firefox