[Owasp-testing] Hydra - Brute Force HTTP Digest Authentication?

Zaki Akhmad za at owasp.org
Thu Aug 11 04:38:53 EDT 2011


Hi all,

I am experimenting doing brute force using Hydra[1]. I've tried brute
forcing HTTP basic authentication using Hydra and it was succeed. I
found OWASP Testing had mention about this[2] but unfortunately I
didn't found on how to brute force HTTP digest authentication.

Can Hydra do that?

[1]http://thc.org/thc-hydra/
[2]https://www.owasp.org/index.php/Testing_for_Brute_Force_(OWASP-AT-004)#Brute_force_Attacks

Thanks!
-- 
Zaki Akhmad
OWASP Indonesia Chapter Leader
http://www.owasp.org/index.php/Indonesia


More information about the Owasp-testing mailing list