Sequencer is an interesting tool that comes with Burp Suite. Sequencer allows us to test how random the data is.

Applications require different types of sufficiently random tokens for a multitude of things, for example, session IDs, anti-CSRF tokens, password reset tokens, user account activation tokens, and more. The basic question that we try to answer is this: given a large enough number of tokens, will their randomness hold up? Will a large enough sample of tokens reveal any patterns that allow us to guess a token value that might have been generated in the past or might occur in the future?
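
A simplified way to see that question in practice (an added example, not code from the book and not Burp's own algorithm): measure the character entropy at each position across a token sample. `homegrown_tokens` is a constructed stand-in for hand-rolled token code, compared against tokens from the operating system's CSPRNG.

```python
import math
import secrets
from collections import Counter


def homegrown_tokens(n):
    """Constructed weak generator: hex timestamp + hex counter + 1 random byte."""
    base = 1700000000  # constructed fixed start time so the run is repeatable
    return [f"{base + i // 100:08x}{i:06x}{secrets.token_hex(1)}" for i in range(n)]


def csprng_tokens(n):
    """Reference sample: 16 bytes per token from the OS CSPRNG."""
    return [secrets.token_hex(16) for _ in range(n)]


def positional_entropy(tokens):
    """Shannon entropy in bits of the characters observed at each position."""
    n = len(tokens)
    width = min(len(t) for t in tokens)
    out = []
    for pos in range(width):
        counts = Counter(t[pos] for t in tokens)
        out.append(-sum(c / n * math.log2(c / n) for c in counts.values()))
    return out


def constant_positions(tokens):
    """Positions where every token in the sample carries the same character."""
    return [i for i, h in enumerate(positional_entropy(tokens)) if h == 0]


def effective_bits(tokens):
    """Sum of per-position entropy: an upper bound on what the sample shows,
    since it ignores correlation between positions."""
    return sum(positional_entropy(tokens))


if __name__ == "__main__":
    for name, gen in (("homegrown", homegrown_tokens), ("csprng", csprng_tokens)):
        sample = gen(2000)
        print(f"{name:10} chars={len(sample[0])} "
              f"estimated_bits={effective_bits(sample):6.1f} "
              f"constant_positions={constant_positions(sample)}")
```

A token that looks long can still carry very little randomness: most positions of the constructed homegrown token never change or change predictably, which is the kind of pattern a large sample exposes.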

A good place to use the Sequencer tool is when you suspect that developers have tried to use their own code to create what they feel are ...
