This is a login page for which we have to brute-force a valid username and password. To make our work easier, username and password wordlists are given.
Let's get hacking. Open Burp Suite and intercept the traffic.
In Burp Suite, turn on intercept.
While intercept is turned on, go to the web app and enter any random username and password. Then click submit.
When we click the submit button, the traffic is intercepted. We can see the random username and password we entered.
Note: You need to set up the Burp Suite proxy to be able to intercept requests. You can find plenty of videos on how to do so.
Press Ctrl + I to send this request to Intruder.
In Intruder, follow the steps below.
1. Click on Clear; this clears all payload positions in case any are selected by default.
2. Select the username you entered; randomuser in my case.
3. Click Add; this selects the username field as a payload position.
4. Select the password you entered; randompassword in my case.
5. Click Add; this selects the password field as a payload position.
6. Change the attack type to Cluster bomb
It should look like this:
After this is done, go to the Payloads section.
In the Payloads section:
1. Select payload set 1
2. Payload type simple list
3. And paste the username payload.
The payload is given in the lab:
Let's continue:
1. Select payload set 2
2. Select payload type: simple
3. Paste the password payload
4. When you are ready, click on Start attack
Let the brute-forcer run.
After it is completed, we can see that all other responses are 200, but only one is 302. For the 302 status code, the username and password are akamai and hockey.
Let's try to log in with these credentials.
And we logged in successfully.
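From the defender's side, the same 200/302 difference that exposes the valid pair in Intruder also shows up in the application's login log. The following is an added example (not part of the original lab write-up) that flags a source which gets a 302 right after a burst of 200 responses; the log format, IP addresses, threshold and window are assumptions, and the log lines are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (assumed format): ISO time, source IP, username,
# HTTP status of POST /login. As in the lab, a failed login answers 200
# and a successful one answers 302.
SAMPLE_LOG = """\
2024-01-01T10:00:00 203.0.113.7 admin 200
2024-01-01T10:00:01 203.0.113.7 admin 200
2024-01-01T10:00:02 203.0.113.7 root 200
2024-01-01T10:00:03 203.0.113.7 root 200
2024-01-01T10:00:04 203.0.113.7 akamai 200
2024-01-01T10:00:05 198.51.100.20 alice 200
2024-01-01T10:00:06 203.0.113.7 akamai 302
2024-01-01T10:00:30 198.51.100.20 alice 302
"""


def parse(log):
    """Yield (timestamp, ip, username, status) for each log line."""
    for line in log.strip().splitlines():
        ts, ip, user, status = line.split()
        yield datetime.fromisoformat(ts), ip, user, int(status)


def detect_bruteforce(log, max_failures=5, window=timedelta(minutes=1)):
    """Return (noisy_ips, hits).

    noisy_ips: sources that reached max_failures failed logins inside the window.
    hits: (ip, username) pairs where a login succeeded right after such a burst,
          i.e. accounts whose password should be treated as guessed.
    """
    recent_failures = defaultdict(list)  # ip -> timestamps of recent failures
    noisy_ips, hits = set(), []
    for ts, ip, user, status in parse(log):
        fails = recent_failures[ip]
        # Drop failures that have fallen out of the sliding window.
        fails[:] = [t for t in fails if ts - t <= window]
        if status == 200:
            fails.append(ts)
            if len(fails) >= max_failures:
                noisy_ips.add(ip)
        elif status == 302 and len(fails) >= max_failures:
            hits.append((ip, user))
    return noisy_ips, hits


if __name__ == "__main__":
    print(detect_bruteforce(SAMPLE_LOG))
```

A single mistyped password followed by a success, like the second source in the sample, stays below the threshold and is not reported.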