Authentication Bypass {username enumeration}
To find authentication vulnerabilities, one useful step is to create a list of valid usernames for a target website.
You can do this by exploiting error messages on the website's user registration page.
For example,
when you enter the username "admin" and fake information into the registration form, you might receive an error message saying, "An account with this username already exists."
You can use this error message to identify valid usernames already registered on the system.
To automate this process, you can use a tool called "ffuf." Here's how you can use it:
Specify the location of a text file (e.g., names.txt) containing a list of usernames you want to check.
Set the request method to POST (the default is GET).
Define the data to be sent in the request, including the "username" field, with "FUZZ" as a placeholder for the usernames from your list.
Add the "Content-Type" header to indicate that you're sending form data.
Specify the URL of the website's registration page.
Specify the text to look for on the page that indicates a valid username, such as "username already exists."
After running this command, ffuf will check the usernames from your list against the website and identify valid usernames based on the error message.
Remember to create a file called "valid_usernames.txt" and add the discovered valid usernames to it for further use.
You can use this method to collect a list of valid usernames for security testing and assessment purposes.