# Username Enumeration via different responses

![](/files/-MEcfyp5SkvNY8ektBZ8)

This lab can be solved by using Burp Suite's Intruder to perform a brute-force attack.

With Burp's interception enabled, we first submit some random credentials on the website's login form and notice the "Invalid username" error.

![](/files/-MEci5t4C6saYYOzep6n)

In Burp, we send the intercepted login request to Intruder.

![](/files/-MEciPaQfjRAdgZ069VQ)

The first step is to find the correct username, so we run an attack with the provided usernames wordlist.

![](/files/-MEckCCrnO5FStHqhnG5)

![](/files/-MEckRN91QfEyJbAX3jX)

Having found our username, it's time to find the correct password. The process is the same, but this time we put the correct username in the "Username" field and select the password field as our attack field, using the passwords wordlist.

![](/files/-MEckzCbJYbJeq8FUIld)

This time, instead of only looking at the response length, we are also looking for a different status code. Every incorrect guess returns a "200" status, so we are looking for a "302", which means a URL redirection happened; in other words, we were able to log in.

![](/files/-MEcmNM_HgI7LFUcXj19)

Using our brute-forced credentials, we are able to log in and complete the lab.

![](/files/-MEcmiWu1t5mp9QN26Nr)
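From the defender's side, the signal used in the username step (a distinct "Invalid username" response) disappears once every failed login returns the same status, body and amount of work. The Python sketch below is an added example, not code from the lab or from this write-up; the user store, the function names and the "Incorrect password" wording are assumptions.

```python
from __future__ import annotations
import hashlib
import hmac
import os

def _hash(password: str, salt: bytes) -> bytes:
    # PBKDF2 with a low iteration count to keep the example fast
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000)

# Constructed user store (not from the lab): username -> (salt, hash)
_SALT = os.urandom(16)
USERS = {"alice": (_SALT, _hash("correct horse", _SALT))}
# Dummy record so unknown usernames cost the same hashing work as real ones
_DUMMY = (os.urandom(16), os.urandom(32))

def login_vulnerable(username: str, password: str) -> tuple[int, str]:
    """The behaviour the write-up relies on: the body says which field was wrong."""
    if username not in USERS:
        return 200, "Invalid username"
    salt, stored = USERS[username]
    if not hmac.compare_digest(_hash(password, salt), stored):
        return 200, "Incorrect password"  # assumed wording, not shown on the page
    return 302, ""  # redirect on success

def login_hardened(username: str, password: str) -> tuple[int, str]:
    """Same status, same body and same hashing work for every failure."""
    salt, stored = USERS.get(username, _DUMMY)
    ok = hmac.compare_digest(_hash(password, salt), stored)
    if ok and username in USERS:
        return 302, ""
    return 200, "Invalid username or password"

def distinguishable(handler, known: str, unknown: str) -> bool:
    """True if a failed login for a real user differs from one for an unknown user."""
    return handler(known, "wrong-password") != handler(unknown, "wrong-password")

if __name__ == "__main__":
    print("vulnerable leaks usernames:", distinguishable(login_vulnerable, "alice", "nobody"))
    print("hardened leaks usernames:  ", distinguishable(login_hardened, "alice", "nobody"))
```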


