Appsec

Authenticated User Access

  • Click on "Login/Register" link to return to the login page.

  • Login to the Mutillidae application using the newly created user account.

  • On successful login, you should see a "Logout" button in top navigation menu.

  • Repeat steps to save a blog entry, but this time as an authenticated user, i.e, intercept the "Save Blog Entry" request, but, as a logged-in user.

  • Observe the new response in the Repeater tab.

  • Right-click on the response and select "Send to Comparer" option from the context menu.

  • Stay in the "Repeater" tab.

  • Modify the value of "uid" parameter, in request header, to a different value, say 21.

  • Click on "Go" button.

  • Right-click on the new response and select "Send to Comparer" option from the context menu.

  • Switch to the "Comparer" tab.

  • You should see the response items listed in the Comparer tool.

  • Select the first response item for comparison

  • Select the second response item for comparison

  • Click on the button labeled as "Words", to compare the two selected items word-by-word.

  • Select the "Sync view" checkbox.

  • Scroll down to view the differences between the selected response items.

PreviousCreate a New UserNextIntruder: Set Positions

Last updated