Today we’re going to hack a router with client-side authentication using http traffic inspector (e.g. BURP Suite) and a browser. Many commercially available small-office and home routers perform authentication on the client-browser, which is weak and may be breached easily. This can be easily abused by attackers who can bypass the authentication and then attack the rest of the devices on the router’s network.
An adversary can reverse engineer the authentication mechanism by going through the source code in the browser. Being able to bypass the authentication on the router will allow an adversary to traverse the rest of the network, manipulate network configurations, and open up other access points including ports to direct traffic in and out of the network. Using BURP lets the user see and edit the requests and responses sent to and from the router’s web interface.
