Security for Web Developers: 13: Testing With Hydra

Hydra

First, be clear that there is more than one way to password-protect a website or a directory (folder) inside a website. One is to use a database management system to control what everybody sees. Another is to use simple htaccess files to require a password. Regardless, Hydra is an app to brute-force website logins, including just about any service you can get to over the Internet.

Assignment: First, watch this video.

Note that there are more videos in this series. Click the Youtube link to find them there.

There is also a nice tutorial with some insightful comments here:
http://insidetrust.blogspot.com/2011/08/using-hydra-to-dictionary-attack-web.html

Get Hydra. Fire it up. Does your site use passwords? Try some brute force on your login form.
https://www.thc.org/thc-hydra/

Next: https://schoolforhackers.com/security-web-developers-burp-suite/

One Reply to “Security for Web Developers: 13: Testing With Hydra”

Leave a Reply