
Burp Suite Cookbook by Sunny Wear


How to do it...

  1. From the Mutillidae menu, select OWASP 2013 | A4 – Insecure Direct Object References | Source Viewer.

  2. From the Source Viewer page, using the default file selected in the drop-down box (upload-file.php), click the View File button to see the contents of the file displayed below the button.

  3. Switch to Burp's Proxy | HTTP history tab. Find the POST request you just made while viewing the upload-file.php file. Note the phpfile parameter with the value of the file to display. What would happen if we change the value of this parameter ...
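
The server-side check that decides whether a changed phpfile value is honoured, as an added example (not code from the book or from Mutillidae). The function name `resolveViewableFile`, the allow-list contents, and the directory layout are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

/**
 * Map a client-supplied phpfile value to a readable path, or null if refused.
 * $allowed: the file names the drop-down legitimately offers (assumed list).
 * $baseDir: the directory those files live in (assumed layout).
 */
function resolveViewableFile(string $requested, array $allowed, string $baseDir): ?string
{
    // 1. Exact, strict allow-list match: the request body is client-controlled,
    //    so the drop-down in the page is not an access control.
    if (!in_array($requested, $allowed, true)) {
        return null;
    }
    // 2. Defence in depth: canonicalise and confirm the result stays inside
    //    $baseDir (covers a symlink sitting under an allowed name).
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $requested);
    if ($base === false || $path === false) {
        return null;
    }
    if (strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return is_file($path) ? $path : null;
}

// Constructed demo data: a temporary directory standing in for the web root.
$baseDir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'viewer-demo-' . bin2hex(random_bytes(4));
mkdir($baseDir . DIRECTORY_SEPARATOR . 'includes', 0700, true);
file_put_contents($baseDir . '/upload-file.php', "<?php // constructed sample\n");
file_put_contents($baseDir . '/includes/config.php', "<?php // constructed sample\n");

$allowed = ['upload-file.php']; // assumed: the only file the viewer should show

// phpfile values as they could arrive in the POST body (all constructed).
$samples = ['upload-file.php', 'includes/config.php', ''];
foreach ($samples as $value) {
    $resolved = resolveViewableFile($value, $allowed, $baseDir);
    printf("%-24s => %s\n", json_encode($value), $resolved === null ? 'refused' : 'served');
}
```

Only the first sample is served; the other two are refused before any file is opened, which is the behaviour to confirm in Burp when retesting after a fix.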
