Munga Bunga's HTTP Brute Forcer is a utility utilizing the HTTP protocol to brute force into any login mechanism/system that requires a username and password, on a web page (or HTML form).

In simple terms, if you can access an account on the web, by entering a username and password (or more), then you can brute force into that account, using this utility.

Brute Forcing is the process of trying various passwords from a dictionary file (automatically), for a given username, until the password matches the username.

This method can sometimes be very effective. When you combine the power of brute forcing, with the functionality of the program, then you end up with a tool which can be used for breaking into emails, affiliate programs, web sites, (any web based accounts), launching DoS attacks, flood emails, flood forms, flood databases and all that your imagination can extend too! However, you should note that DoS attacks and flooding activity is not supported or documented in the documentation. The utility only supports Brute Forcing (documentation wise). It can be used for other purposes, if you know how to write the definitions to drive those forces.

Definition Files are files ending in the .def extension, and contain information about a particular server, and the data to submit to it. Definition files are typically written by users. They are used to extend the power and capability of the program, based on your own definitions. However, the software comes bundled with some definition files.

It's a Brute Forcer, which uses the HTTP protocol to establish its connections. In English, this means the program tries various passwords for a given username (called brute forcing) and verifies whether those passwords are correct for the given username within the HTTP protocol (meaning, via web page connections).

You can hack into any form you see on the Internet, this means any web based email account like Hotmail, Yahoo, Excite etc… or even affiliate accounts like AllAdvantage, GoToWorld, LinkExchange, or even actual Web Sites and many more. Basically, any thing that can be entered via a HTML form with a password and username, you would be able to brute force into with my program. The sky is the limit, it can even be used as a DoS (Denial of Service) program but I do not encourage such behavior and shall not be held responsible for your illegal doings.

Basically, you must have a password file in order for the program to attempt, and try to enter the account(s), with the specified passwords. I included the pass.lst file for a small password list sample. Typically you would want a larger password files if the pass.lst doesn't work for you. More passwords files can be located at The Hackology Network or directly at http://packetstorm.securify.com/Crackers/wordlists/.

In addition, you must have a definition file for the form you want to crack into. Now I have written definition files for some forms, like the hotmail login form and some others. However, if you need to crack into another server/form, then you would need to write your own definition file. Writing definition files are explained later in this document.

A listing of some unique and nice features of this utility.

• Multi-threaded support, up to 10 threads at once can be run. Making the speeds very fast across some servers.
• Hack while you sleep. If you disconnect from the internet, it automatically reconnects and resumes its processes.
• Definitions files. Making the software customisable and powerful.
• Many more, in the Manual.
  
  

Homepage: http://www.hackology.com/