Ensure Burp and OWASP BWA VM are running and that Burp is configured in the Firefox browser used to view the OWASP BWA applications.
- From the OWASP BWA Landing page, click the link to the OWASP Mutillidae II application.
- Open the Firefox browser to the login screen of OWASP Mutillidae II. From the top menu, click Login.
- Find the request you just performed within the Proxy | HTTP history table. Look for the call to the login.php page. Highlight the message, move your cursor into the Raw tab of the Request tab, right-click, and Send to Intruder.
- Switch over to the Intruder | Positions tab, and clear all Burp-defined payload markers by clicking the Clear § button on the right-hand side.
- Highlight the value currently stored in ...