An attacker (through the use of a program or application) simulates the requests of a typical web browser, attempting to gain valid credentials from an authentication system by large numbers of repeated authentication attempts, using different passwords.