Ensure Burp and the OWASP BWA VM are running and that Burp is configured in the Firefox browser used to view the OWASP BWA applications.
- From the OWASP BWA landing page, click the link to the GetBoo application.
- Click the Log In button, and at the login screen, attempt to log in with an account username of admin and a password of aaaaa.
- Note that the message returned is "The password is invalid." Because the application complains about the password rather than the username, we know admin is a valid account. Let's use Burp Intruder to find more accounts.
- In Burp's Proxy | HTTP history ...