I am doing the "Broken brute-force protection, IP block" lab. I have been trying to figure out a way to make a script that does the pitchfork attack by using the Fuzzer HTTP Sender JS template, but I have no idea how to.

I tried using "ZAP missing payload mode pitchfork" (OWASP ZAP fuzzer header and body), but it has 2 payloads, and from a file I selected from the payload tab; after you select it, you use it on the highlighted words.

How would you make the script? And another question: how would you do it in 2 places, for example:

username: calos
password: 123456

[Screenshot of ZAP: the password and usernames](https://i.stack.imgur.com/IDkl5.png)

boo123
  • I believe this answer covers the lab you're talking about: https://stackoverflow.com/a/72112186/7718222 – kingthorin Mar 17 '23 at 00:37
  • One is set by the fuzzer, one is set by the script. (Yes, we know that's sub-optimal; fuzzer changes are on the way.) This is just a "works for now" kinda thing, until we can get those done (which is difficult with a small team). – kingthorin Mar 20 '23 at 19:31

0 Answers