Cracking Password of Website Using Response Header

0

Disclaimer

This guide is solely for educational purposes only. Any acts of hacking taught here is for Ethical Hacking. Any hacking actions done without permission of owner is considered an illegal act by the law. Hence, do practice on your own network structure and your own devices.

You can visit this link below, to try it by yourself:

https://hackme.kurniawan.ceo/

In this tutorial I will guide step by step how to crack password using response header. This might or might not work depending on the security of the website itself.

  1. You can try to send a random password
  2. Right click the page and go to “Inspect Element”
  3. Got to Network tab
  4. Click on the response recorded and go to “Headers” tab
  5. Pay attention to 3 important fields:
    • incorrect-diff
      • It means the difference of ASCII value between the real password and the password you inputted
    • incorrect-index
      • This means the position of the first incorrect character of the password
    • incorrect-length
      • This boolean value suggest whether the length of inputted password is same as the real password
  6. Through Brute forcing your way, you can find the password of the website.

Leave a Reply

Your email address will not be published. Required fields are marked *