June 2017
Intermediate to advanced
338 pages
8h 28m
English
Most attackers and pen testers will find that the sloppy management of session information is often the easiest path to compromising the application. Cookies are a pretty broad term for that session information, and intercepting and mangling that information can be a windfall. Burp Suite is well suited to help in doing this using its Proxy Intercept and Repeater capabilities. For this test, we'll begin by logging into our Mutillidae (OWASP Broken Web App VM) application's A2 - Broken Authentication and Session Management | Privilege Escalation | Login page through Firefox (as shown in the following screenshot):

Read now
Unlock full access