# Brute Force Attack

## Introduction

A brute force attack is the simplest method of gaining access to a site or server (or anything that is password protected). It tries combinations of usernames and passwords again and again until one of them works.

## How to Test

Using Burp Suite, capture the login request.

![](https://2740220163-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-Lv9UpLMmmAAyhFf0hfM%2F-M4Odu8emtHd3ZMSIjJv%2F-M4Of0F4WCO9FXG01a41%2Fimage.png?alt=media\&token=f41e7eac-ad69-4873-9454-283ae815fff1)

Select the payload type and add payloads containing possible combinations of letters, numbers, and symbols to the list.

![](https://2740220163-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-Lv9UpLMmmAAyhFf0hfM%2F-M4Odu8emtHd3ZMSIjJv%2F-M4Of7ZsAgTaunmjACal%2Fimage.png?alt=media\&token=91cff9ad-3b67-4617-bfb0-8bc55c22f7d6)

With these payloads, it attempts to log in to the site until it finds the right one.

![](https://2740220163-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-Lv9UpLMmmAAyhFf0hfM%2F-M4Odu8emtHd3ZMSIjJv%2F-M4OfKvnrRoMJnb_ovGW%2Fimage.png?alt=media\&token=9564530a-bee7-4405-bfa2-42665dcefa6f)

Here we can see that for the correct password, the length and status of the response change.

![](https://2740220163-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-Lv9UpLMmmAAyhFf0hfM%2F-M4Odu8emtHd3ZMSIjJv%2F-M4OfSa_DqueRohm1ztv%2Fimage.png?alt=media\&token=cfe0bf55-1767-4323-be9f-a4f99e7c5ca7)

## How to Fix

### Captcha Implementation:

A CAPTCHA is intended to ensure that "user" input comes from a real person. It can help prevent automated attacks against a website's login mechanism.

```
<!-- Loads the reCAPTCHA widget; the token it produces must still be verified server-side -->
<script src='https://www.google.com/recaptcha/api.js'></script>
```

### Throttling:

The Throttler class provides a very simple way to limit an activity to a certain number of attempts within a set period of time. This is most often used for rate limiting on APIs, or for restricting the number of attempts a user can make against a form to help prevent brute force attacks. The class itself can be used for anything that you need to throttle based on actions within a set time interval.

```
$throttler = \Config\Services::throttler();
if ($throttler->check($name, 60, MINUTE) === false) { // 60 attempts per minute per $name, e.g. the client IP
    return \Config\Services::response()->setStatusCode(429); // Too Many Requests
}
```
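To show how a throttler of this kind cuts off a guessing loop, here is an added example (not code from this page or from CodeIgniter): a small fixed-window limiter with the same `check(key, capacity, seconds)` call shape, placed in front of a simulated login handler and keyed by client IP. The user store, the IP address and the clock are constructed for the demonstration.

```python
import time
from typing import Callable, Dict, Tuple

class Throttler:
    """Fixed-window rate limiter with the same call shape as the
    check($key, $capacity, $seconds) call above. (CodeIgniter's own class is a
    token bucket; this simpler counter is an added illustration, not its code.)
    Each key may perform `capacity` actions per `seconds`-long window."""

    def __init__(self, clock: Callable[[], float] = time.monotonic):
        self.clock = clock                        # injectable for deterministic tests
        self._windows: Dict[str, Tuple[float, int]] = {}  # key -> (window_start, used)

    def check(self, key: str, capacity: int, seconds: int) -> bool:
        now = self.clock()
        start, used = self._windows.get(key, (now, 0))
        if now - start >= seconds:                # window expired: start a fresh one
            start, used = now, 0
        if used >= capacity:
            self._windows[key] = (start, used)
            return False                          # over the limit: deny
        self._windows[key] = (start, used + 1)
        return True

# Constructed credential store; a real application compares password hashes.
USERS = {"alice": "correct horse battery staple"}

def login(throttler: Throttler, client_ip: str, username: str, password: str) -> int:
    """Return an HTTP status code. The throttler is keyed by client IP and is
    consulted before the password is checked, so a guessing loop is cut off
    after 60 attempts per minute no matter which username it targets."""
    if not throttler.check(client_ip, capacity=60, seconds=60):
        return 429                                # Too Many Requests
    if USERS.get(username) == password:
        return 200
    return 401

def simulate(attempts: int) -> Dict[str, object]:
    """Replay `attempts` wrong guesses from one constructed IP at ten per
    second, count the responses, then advance the clock past the window and
    try once more with the real password to show the limit lifts by itself."""
    fake_now = [1000.0]
    throttler = Throttler(clock=lambda: fake_now[0])
    counts = {200: 0, 401: 0, 429: 0}
    for i in range(attempts):
        fake_now[0] += 0.1
        counts[login(throttler, "203.0.113.7", "alice", f"guess{i}")] += 1
    fake_now[0] += 60
    after = login(throttler, "203.0.113.7", "alice", USERS["alice"])
    return {"during": counts, "after_window": after}
```

With 100 guesses in ten seconds, the first 60 get a normal 401 and the remaining 40 are answered with 429 before the password is even examined; once the minute has passed, the legitimate login from the same address succeeds again.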

## References:

1. <https://owasp.org/www-community/controls/Blocking_Brute_Force_Attacks>
2. <https://developers.google.com/recaptcha/>
3. <https://webdesign.tutsplus.com/tutorials/how-to-integrate-no-captcha-recaptcha-in-your-website--cms-23024>
4. <https://codeigniter4.github.io/userguide/libraries/throttler.html>
