How to do it...

Ensure Burp and the OWASP BWA VM are running and that Burp is configured in the Firefox browser used to view the OWASP BWA applications.

  1. From the OWASP BWA Landing page, click the link to the GetBoo application:

  1. Click the Log In button, and at the login screen, attempt to log in with an account username of admin and a password of aaaaa:

  1. Note the message returned is The password is invalid. From this information, we know admin is a valid account. Let's use Burp Intruder to find more accounts.
  2. In Burp's Proxy | HTTP history ...

Get Burp Suite Cookbook now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.