Sunday, May 1, 2016

How I recovered my "lost" password - Burpsuite

Ahhhhhhhhhhhhh, sometimes the thought of having to remember your password can be frustrating, as a result we do all types of things to bring convenience. In my case I stored it in the browser for one part of the site but could not remember it for the other. So what did I do?

I opened the page for which my password was stored, similar to shown below.



















Next, I loaded Burp,  enabled its listen proxy and configured my browser to use the local proxy which is now listening on 127.0.0.1 as shown below.

Burp listening proxy enabled



Firefox proxy configuration


































Now that the proxy is listening and my browser is configured, time to access the website where my password is currently stored. In trying to access the site, the first thing that occurs is a certificate error.




Once I acknowledge the error, my authentication attempt was sent to Burp as shown below.



Next step is to send the password to the "Decoder"

Next I navigate to the "Decoder" tab and "Decode as" URL



That's it!! I recovered my password without having to change it.


Reference:
Burpsuite

3 comments:

  1. right click inspect network on chrome ?

    ReplyDelete
    Replies
    1. Thanks for the tip! However, when I try to inspect the "password" field in Firefox, I see the field but not the value. Did I miss something?

      I did not try Crome.

      Delete
  2. This comment has been removed by a blog administrator.

    ReplyDelete