Brute Force Router Password using BurpSuite

Burp suite has always been used to burst a variety of forms used to submit the login authentication, today I am going guide you how to use the Burp Suite to brute force HTTP Basic authentication.

HTTP Basic authentication

HTTP Basic authentication is a simple request and response mechanism through which the server can request authentication information (user ID and password) from the client. The client passes the authentication information to the server in the Authorization header. The authentication information is basically 64-bit encoded.
Let us give an example below to specify, assuming that we request the username and password are admin, you first need to Base64 username and password encoding:

Base64('admin:admin') = YWRtaW46YWRtaW4=  

Our authentication request is:

Authorization: Basic YWRtaW46YWRtaW4=


  1. Open BurpSuite and setting browser proxy
  2. Intercept “Authenticate Request”
  3.  Choose “Send to Intruder”
  4. Setting payload position
  5. On Payload tab, set as below
  6. Choose your wordlists. You can download wordlists here.
  7. Start Attack
  8. Filter the resultDecode base64