Insecure Direct Object Reference
Let's click on "Insecure Direct Object Reference" Challenge.
Hint! The Key for this level is stored on Administrator Profile.
Return to Burp. In the Proxy "Intercept" tab, ensure "Intercept is on".
We enter the "Refresh Your Profile Button" and Capture the Request using Burp Proxy
From the Captured request we found that "username = guest"
We are **`modifying`** the user name from **`"guest"`** to **`"admin"`** and forward the request to the server.
You would be able to view the Server Response with the Result Key
Past the key in the search box andSubmit
Last updated
Was this helpful?