
Mastering Kali Linux for Web Penetration Testing by Michael McPhee


Munching on some cookies?

Most attackers and pen testers will find that sloppy management of session information is often the easiest path to compromising an application. "Cookies" is a pretty broad term for that session information, and intercepting and mangling it can be a windfall. Burp Suite is well suited to this, using its Proxy Intercept and Repeater capabilities. For this test, we'll begin by logging in to the Mutillidae application (on the OWASP Broken Web App VM) through its A2 - Broken Authentication and Session Management | Privilege Escalation | Login page in Firefox (as shown in the following screenshot):
