17 Jun 2019

Attacking basic authentication

With basic authentication, the credentials sent in the request's Authorization header are base64 encoded.

Example: Authorization: Basic blah43234343==

Burp can decode this if you can get in the middle.

Also, you can configure Burp to brute-force basic auth using Intruder; just remember to add the payload processing rule that converts the list you are using into base64 on the way out.
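
Seen from the defending side, the two points above (the header is only encoded, and guessing shows up as a run of failed attempts) can be checked with a short script. This is an added example, not code from the original post; the function names, the threshold and the sample events are constructed for illustration.

```python
import base64
import binascii
from collections import defaultdict

def parse_basic(header_value):
    """Return (user, password) from an Authorization header value, or None."""
    scheme, _, token = header_value.strip().partition(" ")
    if scheme.lower() != "basic" or not token:
        return None  # scheme name is case-insensitive; other schemes are ignored
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None  # not valid base64, or not text
    # Split on the first colon only: the password may itself contain ':'
    user, sep, password = decoded.partition(":")
    return (user, password) if sep else None

def flag_guessing(events, threshold=3):
    """events: (source, Authorization value, HTTP status) tuples.
    Returns {source: distinct failed credentials} for sources at or above threshold."""
    failed = defaultdict(set)
    for source, header, status in events:
        creds = parse_basic(header)
        if creds and status == 401:
            failed[source].add(creds)
    return {src: len(c) for src, c in failed.items() if len(c) >= threshold}

def _hdr(user, password):
    # Helper that builds a header value for the constructed sample below
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()

# Constructed sample events (documentation IP ranges, made-up credentials)
SAMPLE = [
    ("198.51.100.7", _hdr("admin", "spring2019"), 401),
    ("198.51.100.7", _hdr("admin", "summer2019"), 401),
    ("198.51.100.7", _hdr("admin", "pass:word"), 401),
    ("203.0.113.20", _hdr("alice", "typo"), 401),
    ("203.0.113.20", _hdr("alice", "correct horse"), 200),
]

if __name__ == "__main__":
    print(parse_basic("Basic YWxpY2U6czNjcmV0"))
    print(flag_guessing(SAMPLE))
```

Because the header decodes this easily, basic authentication should only be used over TLS, and repeated 401 responses from one source are worth alerting on.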

Chad Duffey

Security Engineer