- Navigate to the homepage of OWASP Mutillidae II.
- Switch to Burp Proxy | HTTP history and look for the HTTP request you just created while browsing to the homepage of Mutillidae. Note the method used is GET. Right-click and send the request to Intruder:
In the Intruder | Positions tab, clear all suggested payload markers. Highlight the GET verb, and click the Add $ button to place payload markers around the verb:
- In the Intruder | Payloads tab, add the following values to the Payload Options [Simple list] text box: