Burito is a Hydra-like tool allowing you to audit Web applications using forms with server-side generated parameters.
Feel free to use it (GPLv3) for non-commercial use and report any bug as soon as you experience it.
(...)
<input type="text" name="login" value="">
<input type="password" name="password" value="">
(...)
Command line
python burito.py --dico --file=passwords.txt --u="http://www.example.com/login.php" login=admin --p=password
Same form as in the previous example.
The actual login form is only accessible for authenticated users.
python burito.py --dico --file=passwords.txt --u="http://www.example.com/login.php" login=admin --p=password --cookie="SESSIONID=ab7cde9c"
Same form as in the previous example.
If we know that the password contains only digits and is exactly 4 characters long, then:
python burito.py --brute --min=4 --max=4 -u "http://www.example.com/login.php" login=admin --p=password --cookie="SESSIONID=ab7cde9c" --Charset="[0-9]"
Same form as in the previous example.
Some web applications check the User-Agent header and redirect clients whose User-Agent does not look like a real browser.
By default, the User-Agent is "Burito Scanner".
python burito.py --dico --file=passwords.txt --u="http://www.example.com/login.php" login=admin --p=password --user_agent="My Specific User Agent"
Imagine a form containing this:
(...)
<input type="text" name="login" value="">
<input type="password" name="password" value="">
<input type="hidden" name="csrf_token" value="ab7def894bcd24">
(...)
Some parameters are generated server-side when the form is loaded. Burito connects to the page, gathers the information it needs (cookies, form inputs, ...) and builds the specified request from it.
python burito.py --dico --file=passwords.txt --u="http://www.example.com/login.php" login=admin --p=password --user_agent="My Specific User Agent" --g
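The following is an added illustration, not Burito's own code, of what "gathering the form inputs" means: a small parser built on Python's standard html.parser that collects every named input of a page, including the hidden, server-generated ones. The form excerpt is constructed from the snippet above (the token value is made up). The point for a defender is that a hidden token is readable by any client that fetches the page, so it protects against cross-site request forgery but does nothing to slow down repeated login attempts; that is the job of rate limiting or account lockout.

```python
from html.parser import HTMLParser

# Constructed form excerpt, modelled on the snippet above (token value is made up).
SAMPLE_FORM = """
<form method="post" action="/login.php">
  <input type="text" name="login" value="">
  <input type="password" name="password" value="">
  <input type="hidden" name="csrf_token" value="ab7def894bcd24">
  <input type="submit" value="Sign in">
</form>
"""


class FormInputCollector(HTMLParser):
    """Collect every <input> that has a name attribute, keeping its type and current value."""

    def __init__(self):
        super().__init__()
        self.inputs = {}

    def handle_starttag(self, tag, attrs):
        if tag != "input":
            return
        attributes = dict(attrs)
        name = attributes.get("name")
        if name is None:
            return  # unnamed inputs (e.g. a bare submit button) are never submitted
        self.inputs[name] = {
            "type": attributes.get("type") or "text",
            "value": attributes.get("value") or "",
        }


def collect_inputs(html):
    """Return {input name: {"type": ..., "value": ...}} for the inputs found in `html`."""
    parser = FormInputCollector()
    parser.feed(html)
    return parser.inputs


def server_generated_fields(inputs):
    """Names of hidden fields that already carry a value: the per-page parameters
    a client has to echo back unchanged for the request to be accepted."""
    return sorted(name for name, field in inputs.items()
                  if field["type"] == "hidden" and field["value"])


if __name__ == "__main__":
    found = collect_inputs(SAMPLE_FORM)
    for name, field in found.items():
        print(name, field)
    print("server-generated:", server_generated_fields(found))
```

Running the block lists login, password and csrf_token, and reports csrf_token as the only server-generated field.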
During my audits, I came across some web applications that redirect users (HTTP 302) when the login fails. However, in Python, a status code other than 200 is raised as an exception. An option has been implemented to handle those status codes.
Use case: when the login fails, the user is redirected to /loginForm.
python burito.py --dico --file=passwords.txt --u="http://www.example.com/login.php" login=admin --p=password --status-code=302
If you want to accept several status codes, just separate them with a comma (',').
python burito.py --dico --file=passwords.txt --u="http://www.example.com/login.php" login=admin --p=password --status-code=302
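The two facts stated above (the default User-Agent "Burito Scanner", and applications that answer a failed login with a 302 redirect) are also what a defender can key on. The added example below, which is not part of Burito, runs a simple detection over web-server access lines in Apache "combined" format: it flags any client that presents the tool's default User-Agent, and any client that produces at least `threshold` failed logins (POST to the login path answered with the failure status) within a sliding window. The log lines, IP addresses, timestamps and thresholds are all constructed for the example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed access-log lines (Apache "combined" format); IPs are from documentation ranges.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "POST /login.php HTTP/1.1" 302 0 "-" "Burito Scanner"
203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "POST /login.php HTTP/1.1" 302 0 "-" "Burito Scanner"
203.0.113.7 - - [10/Oct/2023:13:55:37 +0000] "POST /login.php HTTP/1.1" 302 0 "-" "Burito Scanner"
203.0.113.7 - - [10/Oct/2023:13:55:37 +0000] "POST /login.php HTTP/1.1" 302 0 "-" "Burito Scanner"
203.0.113.7 - - [10/Oct/2023:13:55:38 +0000] "POST /login.php HTTP/1.1" 302 0 "-" "Burito Scanner"
198.51.100.4 - - [10/Oct/2023:13:55:40 +0000] "GET /loginForm HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
198.51.100.4 - - [10/Oct/2023:13:55:52 +0000] "POST /login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.4 - - [10/Oct/2023:13:56:10 +0000] "POST /login.php HTTP/1.1" 200 4312 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)


def parse_line(line):
    """Parse one combined-format line into a dict, or return None if it does not match."""
    match = LOG_RE.match(line)
    if not match:
        return None
    record = match.groupdict()
    record["ts"] = datetime.strptime(record["ts"], "%d/%b/%Y:%H:%M:%S %z")
    record["status"] = int(record["status"])
    return record


def detect_login_bruteforce(log_text, login_path="/login.php", failure_status=302,
                            threshold=5, window_seconds=60, tool_ua="Burito Scanner"):
    """Return {ip: [reasons]} for clients that either announce the tool's default
    User-Agent or exceed `threshold` failed logins inside any `window_seconds` span."""
    failures = defaultdict(list)   # ip -> timestamps of failed login POSTs
    reasons = defaultdict(set)
    for raw in log_text.splitlines():
        record = parse_line(raw)
        if record is None:
            continue
        if record["ua"] == tool_ua:
            reasons[record["ip"]].add("default tool User-Agent")
        if (record["method"] == "POST" and record["path"] == login_path
                and record["status"] == failure_status):
            failures[record["ip"]].append(record["ts"])
    for ip, times in failures.items():
        times.sort()
        start = 0
        # Sliding window: times[start:end+1] always spans at most window_seconds.
        for end in range(len(times)):
            while (times[end] - times[start]).total_seconds() > window_seconds:
                start += 1
            if end - start + 1 >= threshold:
                reasons[ip].add("%d failed logins within %ds" % (threshold, window_seconds))
                break
    return {ip: sorted(r) for ip, r in reasons.items()}


if __name__ == "__main__":
    for ip, why in detect_login_bruteforce(SAMPLE_LOG).items():
        print(ip, "->", ", ".join(why))
```

On the constructed lines, 203.0.113.7 is reported for both reasons, while 198.51.100.4 (one failed attempt, then a normal login) is not reported at all. The User-Agent check is only a weak signal, since the page itself documents the option to change it; the failure-count check is the one worth keeping.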
If your machine looks like a Super Cosmic Monkey, you can specify the number of threads to run on it.
Example: 50 threads?
python burito.py --dico --file=passwords.txt --u="http://www.example.com/login.php" login=admin --p=password --t=50
You can specify a file in which to log the output.
If none is given, the output is displayed in the terminal itself.
python burito.py --dico --file=passwords.txt --u="http://www.example.com/login.php" login=admin --p=password --log=SessionExample.com.txt