Forum Thread: Help with Brute Force HTTP Site with View State Enabled

Hello! First and foremost, this is a friends site who has asked me to see if i can get thru. There are no inappropriate intentions. Having said that, i usually have no problems with BF attacks. This site has View State enabled which has been causing a lot of problems. I thought i only needed to find the username and pass for a BF attack (which i have narrowed down a lot). Been trying to do research online to find an answer but striking out a lot. I saw online that view state and event validation don't mitigate BF. Still, pretty much completely unsure how to go about this (do i need to BF the view state values, if at all?), so any help would be much appreciated!

Be the First to Respond

Share Your Thoughts

  • Hot
  • Active