today i will show you how to do password test via your web browser
well this is via mozilla oriented web browsers e.g Ice weasel (comes on kali linux) and firefox(there other variants---dont use em though) and OWASP Mantra browser
so firstt you will need to grab some tools for your hack to be effective.....here is my collection that i add incase i dont wanna use the whole mishap of OWASP mantra(not that its bad but on FreeBSD its a bitch compiling linux enabled modules on it withouth a fit on 32->64 bit architectrue)
Pentest Tools for your Browser
then add the tools/tool (fireforce) and here on then we can work with that .... note this is not only useable on gmail... alot of things including weblogin forms such as WordPress/Joomla/Cpanel are supseptible to bruteforce attack....
so what we do first after installing from the collection is navigate to the desired page being:
gmail.com >>note this is entirely for educational purpose and this is done under your own peril
gmail.com >>note this is entirely for educational purpose and this is done under your own peril
so after install and navigating we get this
so we enter our email/victim [junio1234junio] is not real :P
then we enter a fake password to generate an error that will be very helpful
now we right click on the password box to get the following fireforce plugin/extension
here we get a chance to select the wordlist file which we may have downloaded or created
next step is to add the error we logged when put a wrong password
and after that... we click save
and there goes nothing.... we attack/ oops test
and done password found :)
So what if i dont have a password/wordlist/dictionary list/file? well on many occasions one might not have them thats where fireforce comes in with a good method to create passwords on the test/attack using various character sets e.g a-z [lowercase] , A-Z [uppercase] ,0-9 [duuuh] mixed case> aA-Zz and others... research for yourself :)
I have tested this in various web apps and its not funny.... it works.... well in most of them... anyway to combat these:
CAPTHA---- yes it helps
Other verification methods e.g Text very HELPFUL
CAPTHA---- yes it helps
Other verification methods e.g Text very HELPFUL
CIAO happy hunting :)
